    powercat

    Explore "powercat" with insightful episodes like "Power CAT CoE Starter Kit Manuela Pichler", "Kansas State Wildcats Basketball Instant Reaction - National Championship Football" and "2020-030- Mick Douglas, Defenses against powercat, offsec tool release, SRUM logs, and more!" from podcasts like "XrmToolCast", "23 Personnel" and "Brakeing Down Security Podcast" and more!

    Episodes (3)

    Power CAT CoE Starter Kit Manuela Pichler

    In this episode, Daryl and Scott talk to Microsoft employee Manuela Pichler about the Power CAT CoE Starter Kit (https://aka.ms/coestarterkit).

    Some of the highlights:

    • Scott returns from the Power Platform conference
    • Dogs with separation anxiety 
    • CoE - Spreading the excellence
    • Who should be using it?

    Manuela's Info and other links:

    Got questions? Have your own tool you’d like to share? Have a suggestion for a future episode? Contact Daryl and Scott at cast@xrmtoolbox.com. Follow us on LinkedIn and @XrmToolCast for updates on future episodes.

    Do you want to see us too? Subscribe to our YouTube channel to view the last episodes. Don't forget to rate and leave a review for this show at Podchaser.

    Your hosts:
    Daryl LaBar: https://www.linkedin.com/in/daryllabar | @ddlabar
    Scott Durow: https://www.linkedin.com/in/scottdurow | @ScottDurow

    Editor: Linn Zaw Win: https://www.linkedin.com/in/linnzawwin  | @LinnZawWin

    Music: https://www.purple-planet.com

    2020-030- Mick Douglas, Defenses against powercat, offsec tool release, SRUM logs, and more!

    WISP.org donation page: https://wisporg.z2systems.com/np/clients/wisporg/donation.jsp

    Mick Douglas (@bettersafetynet on Twitter)

    Powercat: https://github.com/besimorhino/powercat

    Netcat in a PowerShell environment

    https://blog.rapid7.com/2018/09/27/the-powershell-boogeyman-how-to-defend-against-malicious-powershell-attacks/

    https://www.hackingarticles.in/powercat-a-powershell-netcat/

    Defenses against powercat? 

    LolBins: https://www.cynet.com/blog/what-are-lolbins-and-how-do-attackers-use-them-in-fileless-attacks/

    Sigma ruleset: https://www.nextron-systems.com/2018/02/10/write-sigma-rules/#:~:text=Sigma%20is%20an%20open%20standard,grep%20on%20the%20command%20line.

    ElasticSearch bought Endgame: https://www.elastic.co/about/press/elastic-announces-intent-to-acquire-endgame

    https://krebsonsecurity.com/2020/07/thinking-of-a-cybersecurity-career-read-this/

    Twitter DM to @bettersafetynet:

    Hey... I wanna talk about @hrbrmstr's tweet on the show tonight as well...

    https://twitter.com/hrbrmstr/status/1287442304593276929

    My thinking is if Cisco and others didn't try to intentionally downplay vulnerabilities by announcing them on a Friday, would we be more likely to patch sooner? Also, greater need for testing of patches to ensure that 80% of your workforce rely on that technology now. What's worse? Patching on a Friday evening (after several hours explaining the vuln to a manager), and then having it fuck something up so you're up at crack of dawn Monday troubleshooting something missed Friday night because testing was rushed/not conducted because the CEO can't access email?

    I have thoughts, I've added this to the show note google doc.

    https://www.reddit.com/r/netsec/comments/hwaj6f/nmap_script_fot_cve20203452/  -- nmap PoC script?

    Embargoed vulns…

    Getting management buy-in to patch