SIGRed - Monitoring and Detecting with Splunk

Nebraska 402 Splunk User Group

Thursday, August 13, 2020, 7:00 – 8:00 PM UTC


About this event

UPDATE: Due to an error by me on timezones, I have adjusted the time of the event.  Sorry about this and I hope everyone can still make it.

On July 17th, a blog post on the Splunk site caught my eye with the title "Checking for SIGRed (CVE-2020-1350) and CISA ED 20-03 with Splunk". For those who haven't heard about CVE-2020-1350, it is an unauthenticated remote code execution (RCE) vulnerability in Microsoft Windows Domain Name System (DNS) servers. Successful exploitation allows attackers to run any code they want with local SYSTEM access. RCEs are bad vulnerabilities, and unauthenticated ones are even worse. Pair this with one of the most common authentication platforms (Microsoft Active Directory), and you're in for a world of hurt.





7:00 PM: Start of the Meeting
8:00 PM: End of the Meeting