SIGRed - Monitoring and Detecting with Splunk

Nebraska 402 Splunk User Group
Thu, Aug 13, 2020, 2:00 PM (CDT)

About this event

UPDATE: Due to an error by me on timezones, I have adjusted the time of the event. Sorry about this and I hope everyone can still make it.

On July 17th a blog post appeared on the Splunk site that caught my eye, titled "Checking for SIGRed (CVE-2020-1350) and CISA ED 20-03 with Splunk". For those who haven’t heard about CVE-2020-1350, it is an unauthenticated remote code execution (RCE) vulnerability in Microsoft Windows Domain Name System (DNS) servers. Successful exploitation allows attackers to run any code they want with local SYSTEM access. RCEs are bad vulnerabilities; unauthenticated ones are even worse. Pair this with one of the most common authentication platforms (Microsoft Active Directory), and you’re in for a world of hurt.

When

Thursday, Aug 13
2:00 PM - 3:00 PM (CDT)

Host

  • Tony Reinke

    Cribl.io

    Product Advocacy Manager

Organizers

  • Tony Reinke

    Cribl

    Leader, Nebraska 402 Splunk User Group

  • Nancy Kafer

    Leader, Nebraska 402 Splunk User Group

  • Dustin Church

    Nebraska User Group Leader
