SANS Stormcast June, Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh DNS4EU; Wordpress Fair Package Manager
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 10 June 2025
⏱️ 6 minutes
🧾️ Download transcript
Summary
OctoSQL & Vulnerability Data
OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files.
https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026
Mirai vs. Wazuh
The Mirai botnet has now been observed exploiting a vulnerability in the open-source EDR tool Wazuh.
https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability
DNS4EU
The European Union created its own public recursive resolver to offer a public resolver compliant with European privacy laws. This resolver is currently operated by ENISA, but the intent is to have a commercial entity operate and support it by a commercial entity.
https://www.joindns4.eu/
WordPress FAIR Package Manager
Recent legal issues around different WordPress-related entities have made it more difficult to maintain diverse sources of WordPress plugins. With WordPress plugins usually being responsible for many of the security issues, the Linux Foundation has come forward to support the FAIR Package Manager, a tool intended to simplify the management of WordPress packages.
https://github.com/fairpm
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Tuesday, June 10th, 2025 edition of the Sands Internet Storm Center's Stormcast. |
| 0:08.4 | My name is Johannes Ulrich, and this episode brought you by the Sands.edu Masters Decree Program |
| 0:14.8 | in Information Security Engineering is recorded in Jacksonville, Florida. |
| 0:20.3 | Well, in diaries today, we do have a little tool introduction by Russ. |
| 0:25.0 | Russ introduces us to Octosequel, a tool. |
| 0:28.0 | I haven't used that myself, but actually sounds like something that I like. |
| 0:32.2 | It essentially allows you to read in files in various text file formats like JSON, CSV, tap delimited, and the like, |
| 0:41.1 | and then it allows you to write SQL queries against the content of these files. |
| 0:46.4 | So that makes it really handy to have sort of a simplified query language, no matter what |
| 0:53.8 | the particular file format is that you're reading into. |
| 0:57.6 | And, well, the example that Russiopresents is using the NVD JSON database and then writing queries |
| 1:05.6 | against this. For example, figuring out for his products, what their vulnerabilities are. |
| 1:11.3 | So it doesn't just read in the vulnerabilities, also like the product identifier database from |
| 1:18.1 | NVD in order to then be able to join the tool. |
| 1:21.5 | So interesting tool and like I said, certainly something that I'll probably give a try as well. |
| 1:28.2 | Well, yesterday I talked about DVR vulnerability in Mirai, which I mentioned well as |
| 1:33.8 | nothing really that unique and new. |
| 1:37.3 | But, well, today I have to talk again about Mirai. |
| 1:40.3 | And this time's a little bit more interesting in that Mirino apparently is also |
| 1:45.5 | exploiting a bazoo-related vulnerability. If you're not familiar with Vasu, it's actually a real |
| 1:53.0 | great open-source tool. It is an open-source endpoint detection response tool. So monitor |
| 2:00.6 | systems, does some log aggregation alike. |
... |
Transcript will be available on the free plan in 21 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.