Hello and welcome to the Friday, May 29th, 2006 edition of the Sands International Stormers

Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida. And this episode

is brought you by the Sands.eduedu grad certificate program in cyber security engineering.

At the beginning of each podcast, I always highlight one of the programs of our college, sance.edu.

Today, we also release another volume of our research review journal. This journal collects some of the best papers that

students have written over the last year, so certainly something worthwhile browsing through,

in particular if you're interested, maybe in the program itself, to see what our master's degree

students are coming up with.

And Guy today took a quick snapshot of his honeypot and looked at, well, what kind of activity

there was this last year. And no surprise, there was plenty of activity. It sort of started

for Guy in October, really, for real, and part

of course on some maintenance here on the Honeypot. Ghee is maintaining a little seam that

actually can be installed on top of our honeypot, then can be used to create these kind of

summaries. What kind of surprised me here in the summaries is that when we're looking at the file

uploads that happen via Cowrie, so these are people connecting via S-H or Telnet.

Well, there's actually a non-negligible number of PowerShell scripts that were uploaded to these Linux, essentially

Honeybots. Not sure if this was just sort of, you know, by mistake, or if they're counting on

Windows systems running as age, or maybe, well, a lot of the more modern Linux distributions

also at least come optionally with PowerShell as well. So maybe they count on that.

Not sure if the particular PowerShell scripts uploaded to these systems would work on

default PowerShell installs on Linux.

And then we got an interesting backdoor in a popular VPN extension for Google Chrome and Edge.

...