Hello and welcome to the Thursday, March 6, 2025 edition of the Sands and the Stormsummer's

Stormcast. My name is Johannes Ulrich, and the time recording from Baltimore, Maryland.

Guy has done an amazing job with our D-Shield Honeypot, allowing you to run a Kibbana interface, all the data being stored

in Elastic Search, and with that, making the data that your honeypot collects much more approachable.

Now, there is sadly always a lot of data, well, sadly or not so sad, depending on how you look at it,

but the Gidu-day wrote a diary, walking you a little bit through how to better get a handle at the data and finding events of interest to better understand what attackers are up to with your honeypot and, well, learn from it.

Interesting blog post, yes, if you do want to run the DeShield Honeypot,

please do so.

We always like your data.

And with the Elk interface, well, it also becomes much more interesting for you to actually look at the data.

You may need a little bit more powerful system than just sort of your

basic Raspberry Pi in order to run all of this. The Google Buckhunter team today released

a lot of details, including working exploit code for a vulnerability that AMD patched a month ago.

This vulnerability allows you to essentially update the microcode in your CPU.

The microcode is routinely updated and it's often delivered with operating system updates

like Microsoft Linux updates and such include new microcode for your CPU.

But this update is supposed to be cryptographically signed.

The problem with AMD's implementation of this update procedure was that the hash function that they used,

well, wasn't really as secure as it should be for this application.

The patch a month ago, they updated with a new proprietary hash function that appears

to at least solve this problem.

And with that now, Google did release the details about this vulnerability,

...