Podcast Detail

SANS Stormcast Friday, May 30th 2025: Alternate Data Streams; Connectwise Breach; Google Calendar C2;

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9472.mp3

previous
Podcast Logo
Alternate Data Streams; Connectwise Breach; Google Calendar C2;
00:00

Alternate Data Streams: Adversary Defense Evasion and Detection
Good Primer of alternate data streams and how they are abused, as well as how to detect and defend against ADS abuse.
https://isc.sans.edu/diary/Alternate%20Data%20Streams%20%3F%20Adversary%20Defense%20Evasion%20and%20Detection%20%5BGuest%20Diary%5D/31990

Connectwise Breach Affects ScreenConnect Customers
Connectwise’s ScreenConnect solution was compromised, leading to attacks against a small number of customers. This is yet another example of how attackers are taking advantage of remote access solutions.
https://www.connectwise.com/company/trust/advisories

Mark Your Calendar: APT41 Innovative Tactics
Google detected attacks leveraging Google’s calendar solution as a command and control channel.
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics

Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender
Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The resource disparity between small ICS defenders and sophisticated attackers poses a significant security challenge.
https://www.sans.edu/cyber-research/webs-deception-using-sans-ics-kill-chain-flip-advantage-defender/


no transcript found