Le Comptoir Sécu: [SECHebdo] September 22, 2020 - Audio fix - Cobalt Strike IOCs, Firefox Android SSDP, MITRE ATT&CK Data Sources, ZeroLogon, Corner Vuln, etc.

The Comptoir Sécu team 9/22/20 - Episode Page


<p>We have just recorded a new SECHebdo live on YouTube. As usual, if you missed the recording, you can find it on our YouTube channel (video above) or as an audio podcast:</p>

<p>
<strong>In this episode:</strong>
<ul><li>Todo <strong><a href="#t=00:01:30" onclick="location.reload()">(00:01:30)</a></strong></li></ul>
</p>

<script type="application/ld+json" id="podigee-settings">
{
"options": {
"theme": "default"
},
"extensions": {
"ChapterMarks": {
"disabled": false
},
"EpisodeInfo": {},
"Playlist": {
"disabled": true
},
"Transcript": {
"disabled": true
}
},
"podcast": {
"feed": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2020-09-22.m4a"
},
"episode": {
"media": {
"mp3": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2020-09-22.m4a"
},
"coverUrl": "https://www.comptoirsecu.fr/images/covers/2020-09-22-sechebdo-vignette.jpg",
"title": "[SECHebdo] 22 septembre 2020 - Fix audio",
"subtitle": "IOCs Cobalt Strike, Firefox Android SSDP, MITRE ATT&amp;CK Data Sources, ZeroLogon, Corner Vuln, etc.",
"description": "Épisode du 22 09 2020 - SECHebdo est une revue de l&#39;actualité cybersécurité réalisée en live sur Youtube, généralement le mardi soir."

,"chaptermarks": [





{ "start": "00:01:30", "title": "Todo"}


]

}
}
</script>

<script type="text/javascript" src="https://www.comptoirsecu.fr/js/podigee-get-settings.min.192d4afa439903f73345b15d3d1b7132598bb1d2238d1f1fc91d39b516bf2ed2.js" integrity="sha256-GS1K&#43;kOZA/czRbFdPRtxMlmLsdIjjR8fyR05tRa/LtI="></script>
<script class="podigee-podcast-player" src="//cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js" data-configuration="podigee"></script>


<p>Our Discord: <a href="http://discord.comptoirsecu.fr">http://discord.comptoirsecu.fr</a></p>

<p>See you soon for more shows and podcasts!</p>

<h3 id="liste-des-sources">List of sources:</h3>

<ul>
<li>Talos dives into Cobalt Strike

<ul>
<li><a href="https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html">https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html</a></li>
</ul></li>
<li>MITRE ATT&amp;CK and data sources

<ul>
<li><a href="https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f">https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f</a></li>
</ul></li>
<li>Publications from Le Comptoir

<ul>
<li><a href="https://www.comptoirsecu.fr/blog/2020-09-13-sans-summit-th-2020/">Threat Hunting SANS Summit 2020: Le Comptoir Sécu</a></li>
<li><a href="https://www.comptoirsecu.fr/podcast/%C3%A9pisode-53-la-s%C3%A9curit%C3%A9-sur-office-365/">[Episode 53] Security on Office 365: Le Comptoir Sécu</a></li>
<li><a href="https://www.nolimitsecu.fr/10-quick-wins-pour-rssi/">10 Quick Wins for CISOs - NoLimitSecu</a></li>
</ul></li>
<li>Critical vulnerability in Firefox for Android

<ul>
<li><a href="https://www.zdnet.com/article/firefox-bug-lets-you-hijack-nearby-mobile-browsers-via-wifi/#ftag=RSSbaffb68">Firefox bug lets you hijack nearby mobile browsers via WiFi | ZDNet</a></li>
<li><a href="https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020">firefox-android-2020 · master · GitLab.com / GitLab Security Department / Security Operations Sub-department / GitLab Red Team / Red Team Tech Notes · GitLab</a></li>
<li><a href="https://twitter.com/init_string?ref_src=twsrc%5Etfw">https://twitter.com/init_string?ref_src=twsrc%5Etfw</a></li>
<li><a href="https://www.mozilla.org/en-US/firefox/android/68.11.0/releasenotes/">Firefox for Android 68.11.0, See All New Features, Updates and Fixes</a></li>
</ul></li>
<li>Corner Vulns

<ul>
<li><a href="https://www.secura.com/blog/zero-logon">[Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)</a></li>
<li><a href="https://www.secura.com/pathtoimg.php?id=2055">https://www.secura.com/pathtoimg.php?id=2055</a></li>
<li><a href="https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-020/">Vulnerability in Microsoft Netlogon – CERT-FR</a></li>
<li><a href="https://github.com/SecuraBV/CVE-2020-1472">GitHub - SecuraBV/CVE-2020-1472: Test tool for CVE-2020-1472</a></li>
<li><a href="https://blog.nviso.eu/2020/09/17/sentinel-query-detect-zerologon-cve-2020-1472/">Sentinel Query: Detect ZeroLogon (CVE-2020-1472) – NVISO Labs</a></li>
<li><a href="https://access.redhat.com/security/cve/CVE-2020-1472">Red Hat Customer Portal</a></li>
<li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472">https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472</a></li>
<li><a href="https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc">https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc</a></li>
<li><a href="https://docs.microsoft.com/openspecs/windows_protocols/ms-cssp/85f57821-40bb-46aa-bfcb-ba9590b8fc30">[MS-CSSP]: Credential Security Support Provider (CredSSP) Protocol | Microsoft Docs</a></li>
<li><a href="https://bugzilla.samba.org/show_bug.cgi?id=14497">14497 – (CVE-2020-1472) [CVE-2020-1472] [SECURITY] Samba impact of &ldquo;ZeroLogon&rdquo;</a></li>
<li><a href="https://www.splunk.com/en_us/blog/security/detecting-cve-2020-1472-using-splunk-attack-range.html">Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range</a></li>
</ul></li>
</ul>