2020-030- Mick Douglas, Defenses against powercat, offsec tool release, SRUM logs, and more!

WISP.org donation page: https://wisporg.z2systems.com/np/clients/wisporg/donation.jsp

Mick Douglas (@bettersafetynet on Twitter)

Powercat: https://github.com/besimorhino/powercat

Netcat in a powershell environment

https://blog.rapid7.com/2018/09/27/the-powershell-boogeyman-how-to-defend-against-malicious-powershell-attacks/

https://www.hackingarticles.in/powercat-a-powershell-netcat/

Defenses against powercat?

LolBins: https://www.cynet.com/blog/what-are-lolbins-and-how-do-attackers-use-them-in-fileless-attacks/

Sigma ruleset: https://www.nextron-systems.com/2018/02/10/write-sigma-rules/#:~:text=Sigma%20is%20an%20open%20standard,grep%20on%20the%20command%20line.

ElasticSearch bought Endgame; https://www.elastic.co/about/press/elastic-announces-intent-to-acquire-endgame

https://krebsonsecurity.com/2020/07/thinking-of-a-cybersecurity-career-read-this/

Twitter DM to @bettersafetynet:Hey... I wanna talk about @hrbrmstr's tweet on the show tonight as well...

https://twitter.com/hrbrmstr/status/1287442304593276929

My thinking is if Cisco and others didn't try to intentionally downplay vulnerabilities by announcing them on a Friday, would we be more likely to patch sooner? Also, greater need for testing of patches to ensure that 80% of your workforce rely on that technology now. What's worse? Patching on a Friday evening (after several hours explaining the vuln to a manager), and then having it fuck something up so you're up at crack of dawn Monday troubleshooting something missed Friday night because testing was rushed/not conducted because the CEO can't access email?

I have thoughts, I've added this to the show note google doc.

https://www.reddit.com/r/netsec/comments/hwaj6f/nmap_script_fot_cve20203452/ -- nmap PoC script?

Embargoed vulns…

Getting management buy-in to patch