Podtranscript
Log out

Le Comptoir Sécu: [SECHebdo] 09 décembre 2020 - FireEye, RCE Teams, Deno, Burp Proxy Toggler, McAfee Criminality Report, CornerVuln, etc.

L'équipe du Comptoir Sécu L'équipe du Comptoir Sécu 12/9/20 - Episode Page

<![CDATA[https://www.comptoirsecu.fr/images/covers/2020-12-09-sechebdo-vignette.jpg" />
]]>

<p>Nous venons de tourner un nouveau SECHebdo en live sur Youtube. Comme d&rsquo;habitude, si vous avez raté l&rsquo;enregistrement, vous pouvez le retrouver sur notre chaîne Youtube (vidéo ci-dessus) ou bien au format podcast audio:</p>

<p>
<strong>Au sommaire de cette émission :</strong>
<ul><li>Todo <strong><a href="#t=00:01:30" onclick="location.reload()">(00:01:30)</a></strong></li></ul>
</p>

<script type="application/ld+json" id="podigee-settings">
{
"options": {
"theme": "default"
},
"extensions": {
"ChapterMarks": {
"disabled": false
},
"EpisodeInfo": {},
"Playlist": {
"disabled": true
},
"Transcript": {
"disabled": true
}
},
"podcast": {
"feed": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2020-12-09.m4a"
},
"episode": {
"media": {
"mp3": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2020-12-09.m4a"
},
"coverUrl": "https://www.comptoirsecu.fr/images/covers/2020-12-09-sechebdo-vignette.jpg",
"title": "[SECHebdo] 09 décembre 2020",
"subtitle": "FireEye, RCE Teams, Deno, Burp Proxy Toggler, McAfee Criminality Report, CornerVuln, etc.",
"description": "Épisode du 09 12 2020 - SECHebdo est une revue de l&#39;actualité cybersécurité réalisée en live sur Youtube, généralement le mercredi soir."

,"chaptermarks": [





{ "start": "00:01:30", "title": "Todo"}


]

}
}
</script>

<script type="text/javascript" src="https://www.comptoirsecu.fr/js/podigee-get-settings.min.192d4afa439903f73345b15d3d1b7132598bb1d2238d1f1fc91d39b516bf2ed2.js" integrity="sha256-GS1K&#43;kOZA/czRbFdPRtxMlmLsdIjjR8fyR05tRa/LtI="></script>
<script class="podigee-podcast-player" src="//cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js" data-configuration="podigee"></script>


<p>Notre discord : <a href="http://discord.comptoirsecu.fr">http://discord.comptoirsecu.fr</a></p>

<p>A bientôt pour d&rsquo;autres émissions/podcasts!</p>

<h3 id="liste-des-sources">Liste des sources :</h3>

<ul>
<li>Wormable RCE, Microsoft Teams

<ul>
<li><a href="https://github.com/oskarsve/ms-teams-rce">GitHub - oskarsve/ms-teams-rce</a></li>
</ul></li>
<li>Deno, ou node v2 ?

<ul>
<li><a href="https://blog.logrocket.com/deno-1-0-what-you-need-to-know/">Deno 1.0: What you need to know - LogRocket Blog</a></li>
</ul></li>
<li>Burp Proxy Toggler

<ul>
<li><a href="https://github.com/romainricard/burp-headup">GitHub - romainricard/burp-headup: Toggle Burp proxy from anywhere and get its status in i3wm</a></li>
</ul></li>
<li>McAfee Criminality Report

<ul>
<li><a href="https://www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-economic-impact-cybercrime.pdf">PDF Document</a></li>
<li><a href="https://www.journaldugeek.com/2020/12/08/cybercriminalite-coute-1000-milliards-dollars/">La cybercriminalité se chiffre désormais à 1000 milliards de dollars</a></li>
<li><a href="https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/fr">Cost of a Data Breach Report 2020 | IBM</a></li>
</ul></li>
<li>Test du jeu Yolo Space Hacker, appel à volontaires

<ul>
<li><a href="https://store.steampowered.com/app/1341450/Yolo_Space_Hacker/">Yolo Space Hacker on Steam</a></li>
</ul></li>
<li>FireEye hacked

<ul>
<li><a href="https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html">FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community | FireEye Inc</a></li>
<li><a href="https://github.com/fireeye/red_team_tool_countermeasures/tree/master/rules">red_team_tool_countermeasures/rules at master · fireeye/red_team_tool_countermeasures · GitHub</a></li>
<li><a href="https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html">Unauthorized Access of FireEye Red Team Tools | FireEye Inc</a></li>
</ul></li>
<li>Corner vulns

<ul>
<li><a href="https://www.forescout.com/research-labs/amnesia33/">AMNESIA:33 - Forescout</a></li>
<li><a href="https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01">Multiple Embedded TCP/IP Stacks | CISA</a></li>
<li><a href="https://kb.cert.org/vuls/id/815128">search</a></li>
<li><a href="https://www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Amnesia_201208.html">BSI - Kurzmeldungen des BSI - AMNESIA33: Teils kritische Schwachstellen gefunden</a></li>
<li><a href="https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/">https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/</a></li>
<li><a href="https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195">
D-Link Technical Support
</a></li>
<li><a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079">SAP Security Patch Day – December 2020 - Product Security Response at SAP - Community Wiki</a></li>
<li><a href="https://www.openssl.org/news/secadv/20201208.txt">https://www.openssl.org/news/secadv/20201208.txt</a></li>
<li><a href="https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/">CVE-2020-17049: Kerberos Bronze Bit Attack - Overview</a></li>
<li><a href="https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/">CVE-2020-17049: Kerberos Bronze Bit Attack - Theory</a></li>
<li><a href="https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/">CVE-2020-17049: Kerberos Bronze Bit Attack - Practical Exploitation</a></li>
<li><a href="https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049">https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049</a></li>
<li><a href="https://www.zerodayinitiative.com/blog/2020/12/8/the-december-2020-security-update-review">Zero Day Initiative — The December 2020 Security Update Review</a></li>
<li><a href="https://blog.talosintelligence.com/2020/12/microsoft-patch-tuesday-dec-2020-.html">https://blog.talosintelligence.com/2020/12/microsoft-patch-tuesday-dec-2020-.html</a></li>
<li><a href="https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF">https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF</a></li>
</ul></li>
<li>Vidéos Botconf

<ul>
<li><a href="https://www.youtube.com/playlist?list=PL8fFmUArVzKiMd6twm9ikaSl8oM76Hotd">Botconf 2020</a></li>
</ul></li>
</ul>