
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoDox Dissected; Google Chrome and Cisco Patches
Nov 7, 2025
Discover how PowerShell can be a powerful tool for correlating malware samples with honeypot logs. Learn about the alarming expansion of the RondoDox bot, which now boasts new exploits. Stay informed with the latest Google Chrome update addressing five critical vulnerabilities, including severe risks related to WebGPU. Additionally, listen in on discussions surrounding urgent Cisco patches that tackle serious security flaws, potentially allowing unauthorized system access. Cybersecurity insights you can't afford to miss!
AI Snips
Use PowerShell For Windows Scripting
- Use PowerShell to replicate common Unix command-line parsing tasks on Windows systems.
- Learn PowerShell JSON and text-processing techniques to automate malware and log correlation workflows.
Intern Diary Shows Practical Scripting
- Johannes describes an intern's diary correlating malware samples with honeypot logs using PowerShell.
- The diary highlights bridging Windows scripting gaps often seen in students more exposed to the Windows GUI.
RondoDox Expanded Its Exploit Arsenal
- The RondoDox bot increased its exploit set, causing more verbose activity and additional honeypot alerts.
- Expanded exploit repertoires lead to more detectable behavior and richer forensic captures in honeypots.
