
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu research: Active Defense
Oct 17, 2025
Mark Stephens, a cybersecurity architect at Cisco and an MSISE graduate, dives deep into active defense strategies in this discussion. He emphasizes the significance of detecting adversaries within networks using techniques like MITRE Engage. Topics include recent exploitation of a patched Cisco SNMP flaw and the discovery of a BIOS backdoor. Mark shares insights on using deception through honeytokens and honeypots for early detection, while also stressing the importance of continuously updating defenses to thwart evolving threats.
Episode notes
Replace Misconfigured Slack Workspace Quickly
- Move your Slack community to a new workspace if the provider misconfigures your account to an unsuitable tier.
- Notify users and update links quickly before deleting the old workspace to avoid disruption.
SNMP Exploit Undermined Network Isolation
- A Cisco SNMP vulnerability (CVE-2025-20352) was exploited in the wild soon after the patch was released; the observed attacks targeted older devices that lack ASLR, which makes memory corruption easier to exploit reliably.
- Once on a switch, attackers used that foothold to pivot across segments the switch was supposed to keep isolated and installed rootkits that serve as persistent backdoors.
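The practical compensating control for an SNMP-reachable flaw is to make the SNMP service reachable only from trusted management hosts, over SNMPv3 with authentication and privacy, and to confirm the running release against the advisory. The configuration below is an added example, not from the podcast, Cisco, or the incident described; the management address 10.0.0.5, ACL number 10, the group and user names, and the passphrase placeholders are hypothetical.

```cisco
! Weak configuration (constructed): default community strings, RW access, no source restriction
snmp-server community public RO
snmp-server community private RW

! Hardened configuration (constructed): remove v1/v2c communities entirely
no snmp-server community public
no snmp-server community private

! Allow SNMP only from the management host (10.0.0.5 is a hypothetical address); log anything else
access-list 10 remark SNMP managers only
access-list 10 permit host 10.0.0.5
access-list 10 deny any log

! SNMPv3 with authentication and privacy, bound to the ACL above
snmp-server group NMS-GROUP v3 priv access 10
snmp-server user nms-poller NMS-GROUP v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase> access 10

! Verify from the CLI: confirm no community strings remain and compare the release to the fixed versions in the advisory
! show running-config | include snmp-server
! show version | include Version
```

The ACL limits who can even reach the vulnerable code path; it is a mitigation for unpatched or end-of-support devices, not a substitute for the fixed release.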
Pre-Boot Shells Can Act As Persistent Backdoors
- The pre-boot shell shipped with Framework laptop BIOS includes an mm command that can read and write arbitrary memory before the operating system boots.
- Because that access happens before any OS-level protections are in place, it can be used to override firmware security checks and make changes that persist across reboots, effectively functioning as a backdoor.
