Dr. Homebrew breaks down your home brewed beer and gives you the feedback you're looking for to improve your brewing! Join JP, along with his co-hosts, BJCP Master Judges Brian Cooper and Brian Schar, as they dissect listener-submitted homebrew and provide tips and tricks to improve your brewing! Have questions or want your beer evaluated on Dr. Homebrew? Email us at [email protected]
…
continue reading
Homebrew Network Podcasts
A strange funeral drags six unfamiliar faces from their homes to Seer's Mourning. None of them will leave the same. A D&D 5e actual play podcast produced by the Tabletop Talespinners Network. New episodes every other Friday! Cover art by Jee Prophet
…
continue reading
Immersive Tabletop RPG storytelling meets audio drama in this narrative actual play podcast. Dive into the epic world of MythCraft with Ties the Bind, a cinematic actual play podcast where every relationship matters, every tie can bind, and family is everything. What to Expect: -Collaborative storytelling that puts character development first -Immersive sound design and atmospheric audio -Real dice rolls and authentic tabletop gaming moments Join us on Discord
…
continue reading
The Sanity Damage podcast is a series of TTRPG campaigns set in a multiverse cooked up by Nathan Heard and his peers. Sanity Damage's first campaign, To Whom the Sea Belongs, follows the story of an unlikely team of motley scalawags and genteel nobles as they stumble into a mind-bending conspiracy that reaches far beyond their mortal world. In this campaign, the party wrestles with the moderate good and considerable evil that arises from colonialism, and they experience the vast and diverse ...
…
continue reading
The original live show that brings professional brewer and homebrewer interviews, and the best in beer-tainment, right to you as we talk about homebrewing beer and craft brewing. Each episode covers specific brewing topics to inform and entertain, and world class professional brewers as guests. All the fun of real radio, without the boredom. Live listeners can participate and ask questions by joining our chatroom. Watch the live show at YouTube.com/brewingnetwork. Have a brewing question or ...
…
continue reading
Brew Strong, with hosts Jamil Zainasheff and John Palmer, combines the two most prominent authors and figures in homebrewing today in a live beer radio format that allows listeners to pose beginning and advanced brewing questions to expert hosts and guests from the Craft Beer industry. Designed as a brewing geek's must-listen show, Brew Strong is your source for cutting edge beer and brewing information, answers to technical questions, as well as a guide to a greater appreciation of all thin ...
…
continue reading
World Weavers is a D&D actual play about world-building, storytelling, and imagination. The players not only have their character and play through a 5th edition actual play adventure but also shape the world and its people. They will craft landscapes, build towns, control factions, and breathe life into the stories springing into existence around them - and these will be the settings for our actual play adventures Live on Youtube Mondays at 7PM EST - https://youtube.com/@thehomebrewdnd World ...
…
continue reading
Power Word Fail is a fantasy actual play D&D 5e podcast powered by lush character dynamics, arcane mystery, and the hilarity of the players’ table. Take arms and take heed: all actions have consequences in the world of Power Word Fail. Our first campaign, Chosen of the Crystal Crown, is helmed by DM Cody Smith, with cast members Tyrell Nye, Austin Brady, Nathan Heard, Andi Casuras, Katie Franks, and Ian Davis. This is a Homebrew Podcast. Learn more at actualplaypods.com You can support the s ...
…
continue reading
"It's all real, Everything Matters, and it Never Ends." Everything Matters is a Comedy Horror Podcast published every Tuesday. The show is focused on storytelling and features paranormal, surreal, absurd, and post-apocalyptic elements. This critically-acclaimed 7x Humanbody Award-winning collection of stories and coverage of contemporary issues affecting Tri Town and beyond is one of this planet's most popular programs. Hosted by Michael Taur and Dale Dallas, the show features intimate conve ...
…
continue reading
Welcome To The World Of Norian! A Dungeons and Dragons homebrew world.
…
continue reading
Homebrewing beer. In each episode award winning brewer and beer writer Jamil Zainasheff discusses brewing a specific style of beer. Included are award winning recipes, tips for home brewing, tasting notes, and a live question and answer segment with listeners.
…
continue reading
Advantage is a homebrew, actual-play, 5th Edtion Dungeons & Dragons audio drama focusing on storytelling and character development, and a member of the Darkmore Podcast Network.
…
continue reading
The Brewing After Hours Podcast is hosted by homebrewer and digital creator Sarah Flora (aka Flora Brewing), known for her popular Instagram and YouTube content breaking down the art of brewing from her home in Los Angeles. This series goes beyond the brew kettle — exploring the history, culture, and untold stories behind beer, with guest appearances from homebrewers and industry pros alike. While new episodes aren’t currently dropping, the full archive is packed with brewing deep-dives, fun ...
…
continue reading
A Podcast built around the love of tabletop gaming! Sit back, relax and let your ears take it all in. As we dive into the ever so famous world of Dungeons & Dragons. A Fifth Edition rule-based Homebrew campaign! Created by the SOH Network The Cast: lan // Derek // Justin // Thomas // Isaiah // Christopher Want to know more? Follow and support us at: Instagram:thesleightofhandpodcast Twitter:SleightofhandPC Facebook:thesleightofhandpodcast Gmail:[email protected] Youtube:Sleig ...
…
continue reading
The Podcasters of the Dragon Wagon Radio podcast network venture into a mythical land in this DnD inspired actual-play homebrew RPG show that's heavy on the RP. Jake Lloyd Bacon, Alexandra Hoey and Matt Hingstman are joined by actor, improv and comic special guests, and must take on the roles of Half-Orcs, Dark Elves and more as they fight their way through a mythical land of peril, drama and hilarity all controlled by Dungeon Master Paul Bianchi and the chance rolls of dice!
…
continue reading
Homebrewing beer, sports, and Star Wars brought to you by Brian and Kristen. Part of the Tosche Station Podcasting Network.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
What’s My Roll is a Dungeons & Dragons 5th Edition actual-play seasonal podcast recorded and produced in Hong Kong. Set in the homebrew world of Eresyn, in the country of Pelantus. DM Ben Margalith crafts an intricate, living world full of lore, intrigue, and memorable characters. Join the players and their Neighborhood Watch Association as they try to clean up the streets of Brighthallow one district at a time. Little do they know, there’s much more at stake than they signed up for! For upd ...
…
continue reading
A Homebrewed TTRPG Actual Play Cryptid Campaign, with voice acting, sound FX, and original music. Set in the mid 1950s, this story follows four citizens around Pembine and Marinette, Wisconsin, as they begin to unveil some strange occurrences in the area.
…
continue reading
Hosted by Jay Goodwin, co-founder of The Rare Barrel in Berkeley, California, The Sour Hour is an in-depth look into the process of making wild ales. With the help of some of the best mixed-fermentation brewers in the world, Jay discusses the techniques required to make world class sour beer. Have a question or comment? Email us at [email protected].
…
continue reading
The Few Who Speak Podcast is a general talk show with an emphasis on funny anecdotes from the show-runners. The show comes from the Fable Few Media Network and features the six main members: Alex, Ares, Gray, Lilith, Moke, and Tyler. If you're looking for a new chill podcast to listen to in the car or at work, this is the show for you.
…
continue reading
It’s modern American history, one beer at a time! Join VinePair contributing editor and columnist Dave Infante for Taplines, a weekly interview series with brewing icons, industry insiders, and outspoken experts about the United States’ most beloved and best-selling beers. Bros discussing their favorite IPAs, this ain’t. Taplines is a mix of journalism, history, and beer that you won’t find anywhere else but the VinePair Podcast Network. Hosted on Acast. See acast.com/privacy for more inform ...
…
continue reading
1
Dr. Homebrew | Episode #276: Back to the '90's
2:04:26
2:04:26
Play later
Play later
Lists
Like
Liked
2:04:26
We had this idea: what if we had a few adventurous homebrewers brew beers according to some old set of BJCP style guidelines? Could they do it? What would that judging be like? How much has beer changed over the last 20 years or so? Turns out, there were other people who wanted to know the answers to those questions, too! So on today's show, we hav…
…
continue reading
1
SANS Stormcast Friday, August 22nd, 2025: The -n switch; Commvault Exploit; Docker Desktop Escape Vuln;
6:52
6:52
Play later
Play later
Lists
Like
Liked
6:52
Don't Forget The "-n" Command Line Switch Disabling reverse DNS lookups for IP addresses is important not just for performance, but also for opsec. Xavier is explaining some of the risks. https://isc.sans.edu/diary/Don%27t%20Forget%20The%20%22-n%22%20Command%20Line%20Switch/32220 watchTowr releases details about recent Commvault flaws Users of the …
…
continue reading
1
SANS Stormcast Thursday, August 21st, 2025: Airtel Scans; Apple Patch; Microsoft Copilot Audit Log Issue; Password Manager Clickjacking
6:52
6:52
Play later
Play later
Lists
Like
Liked
6:52
Airtel Router Scans and Mislabeled Usernames A quick summary of some odd usernames that show up in our honeypot logs https://isc.sans.edu/diary/Airtel%20Router%20Scans%2C%20and%20Mislabeled%20usernames/32216 Apple Patches 0-Day CVE-2025-43300 Apple released an update for iOS, iPadOS and MacOS today patching a single, already exploited, vulnerabilit…
…
continue reading
1
SANS Stormcast Wednesday, August 20th, 2025: Increased Elasticsearch Scans; MSFT Patch Issues
6:07
6:07
Play later
Play later
Lists
Like
Liked
6:07
Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212 Microsoft Patch Tuesday Issues Microsoft noted some issues deploying the most recent patch…
…
continue reading
1
SANS Stormcast Tuesday, August 19th, 2025: MFA Bombing; Cisco Firewall Management Vuln; F5 Access for Android Vuln;
5:10
5:10
Play later
Play later
Lists
Like
Liked
5:10
Keeping an Eye on MFA Bombing Attacks Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem. https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208 Critical Cisco Secure Firewall Management Ce…
…
continue reading
1
SANS Stormcast Monday, August 18th, 2025: 5G Attack Framework; Plex Vulnerability; Fortiweb Exploit; Flowise Vuln
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations Researchers from the Singapore University of Technology and Design released a new framework, SNI5GECT, to passively sniff and inject traffic into 5G data streams, leading to DoS, downgrade and other attacks. https://isc.sans.edu/diary/SNI5GECT%3A%20Sniffing%20and%20Injecting%20…
…
continue reading
1
Sanity Damage | To Whom the Sea Belongs | Campaign 1, Episode 84
5:30:58
5:30:58
Play later
Play later
Lists
Like
Liked
5:30:58
Back from hiatus, join Nathan and the heroes of Sanity Damage as they embark on the first half of a twelve-hour marathon bringing the campaign to a monumental conclusion.By The Homebrew Network
…
continue reading
1
Sanity Damage | To Whom the Sea Belongs | Campaign 1, Episode 85
6:15:19
6:15:19
Play later
Play later
Lists
Like
Liked
6:15:19
Sail into the new unknown with the heroes of Sanity Damage as they conclude this tremendous marathon that marks the end of To Whom the Sea Belongs.By The Homebrew Network
…
continue reading
CONTENT WARNINGS: Descriptions of corpses (54:01 - 55:15) Body horror sfx (58:04 - 58:10, 59:01 - 59:04, 1:00:23 - 1:00:30, 1:02:19 - 1:02:28, 1:03:33 - 1:03:43) The party continues their descent into the earth and arrives at the heart of Mor Akkros. Will those hiding in the shadows present themselves as friend or foe? Find more of the Tabletop Tal…
…
continue reading
1
Brew Strong | Mixed Fermentation Part 2
1:33:09
1:33:09
Play later
Play later
Lists
Like
Liked
1:33:09
In this episode, the Brew Strong team tackle the complex world of mixed fermentation (part 2). With so much information in the world of wild and sour beers, it took two episodes to cover this fascinating topic. Tune in to part two here and get ready to get wild! Learn more about your ad choices. Visit megaphone.fm/adchoices…
…
continue reading
1
SANS Stormcast Friday, August 15th, 2025: Analysing Attack with AI; Proxyware via YouTube; Xerox FreeFlow Vuln; Evaluating Zero Trust @SANS_edu
15:12
15:12
Play later
Play later
Lists
Like
Liked
15:12
AI and Faster Attack Analysis A few use cases for LLMs to speed up analysis https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198 Proxyware Malware Being Distributed on YouTube Video Download Site Popular YouTube download sites will attempt to infect users with proxyware. https://asec.ahnlab.com/en/89574/ Xero…
…
continue reading
1
SANS Stormcast Thursday, August 14th, 2025: Equation Editor; Kerberos Patch; XZ-Utils Backdoor; ForitSIEM/FortiWeb patches
7:16
7:16
Play later
Play later
Lists
Like
Liked
7:16
CVE-2017-11882 Will Never Die The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196 Windows Kerberos El…
…
continue reading
1
SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches
8:55
8:55
Play later
Play later
Lists
Like
Liked
8:55
Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ libarchive Vulnerability A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression…
…
continue reading
1
SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto;
6:52
6:52
Play later
Play later
Lists
Like
Liked
6:52
Erlang OTP SSH Exploits A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected some of the details about this exploit activity that they observed. https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ WinRAR Exploited WinRAR vulnerabilities are actively being exploited by a number of…
…
continue reading
Chubby Bunny! What do you do when one of your own could be compromised?
…
continue reading
1
SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic
7:07
7:07
Play later
Play later
Lists
Like
Liked
7:07
Google Paid Ads for Fake Tesla Websites Someone is setting up fake Tesla lookalike websites that attempt to collect credit card data from unsuspecting users trying to preorder Tesla products. https://isc.sans.edu/diary/Google%20Paid%20Ads%20for%20Fake%20Tesla%20Websites/32186 Compromising USB Devices for Persistent Stealthy Access USB devices, like…
…
continue reading
1
SANS Stormcast Friday, August 8th, 2025:: ASN43350 Mass Scans; HTTP1.1 Must Die; Hyprid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left
23:59
23:59
Play later
Play later
Lists
Like
Liked
23:59
Mass Internet Scanning from ASN 43350 Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350 https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments HTTP/1.1 Desync Attacks Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particular…
…
continue reading
1
SANS Stormcast Thursday, August 7th, 2025: Sextortion Update; Adobe and Trend Micro release emergency patches
5:06
5:06
Play later
Play later
Lists
Like
Liked
5:06
Do Sextortion Scams Still Work in 2025? Jan looked at recent sextortion emails to check if any of the crypto addresses in these emails received deposits. Sadly, some did, so these scams still work. https://isc.sans.edu/diary/Do%20sextortion%20scams%20still%20work%20in%202025%3F/32178 Akira Ransomware Group s use of Drivers Guidepoint Security obser…
…
continue reading
1
SANS Stormcast Wednesday, August 6th, 2025: Machinekeys and VIEWSTATEs; Perplexity Unethical Learning; SonicWall Updates
7:41
7:41
Play later
Play later
Lists
Like
Liked
7:41
Stealing Machinekeys for fun and profit (or riding the SharePoint wave) Bojan explains in detail how .NET uses Machine Keys to protect the VIEWSTATE, and how to abuse the VIEWSTATE for code execution if the Machine Keys are lost. https://isc.sans.edu/diary/Stealing%20Machine%20Keys%20for%20fun%20and%20profit%20%28or%20riding%20the%20SharePoint%20wa…
…
continue reading
1
SANS Stormcast Tuesday, August 05, 2025: Daily Trends Report; NVidia Triton RCE; Cursor AI Misconfiguration
6:48
6:48
Play later
Play later
Lists
Like
Liked
6:48
Daily Trends Report A new trends report will bring you daily data highlights via e-mail. https://isc.sans.edu/diary/New%20Feature%3A%20Daily%20Trends%20Report/32170 NVidia Triton RCE Wiz found an interesting information leakage vulnerability in NVidia s Triton servers that can be leveraged to remote code execution. https://www.wiz.io/blog/nvidia-tr…
…
continue reading
Anything but cars.... It’s time to unleash the most elaborate plan to catch Mul’ator off guard - or, the party plays the most dangerous game of ding dong ditch ever.
…
continue reading
1
SANS Stormcast Monday, August 4th, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day;
5:17
5:17
Play later
Play later
Lists
Like
Liked
5:17
Scans for pop3user with guessable password A particular IP assigned to a network that calls itself Unmanaged has been scanning telnet/ssh for a user called pop3user with passwords pop3user or 123456 . I assume they are looking for legacy systems that either currently run pop3 or ran pop3 in the past, and left the user enabled. https://isc.sans.edu/…
…
continue reading
As the party continues to explore the underground passages of Mor Akkros, the pieces of the puzzle begin to come together. Will it lead to more answers or more questions? Find more of the Tabletop Talespinners Network and our sponsors here! Cast: GM - Jee Aelina - Jacqueline Cerridwen - Grace Khuvos - Emma Olwen - Andie Sage - Rosalie Suda - Winter…
…
continue reading
1
SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform
5:41
5:41
Play later
Play later
Lists
Like
Liked
5:41
Scattered Spider Related Domain Names A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162 Excel External Workbook Links to Blocked File Types Will Be Disabled by Default Excel will discontinue allowing links to dangerous file types …
…
continue reading
1
SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update
6:40
6:40
Play later
Play later
Lists
Like
Liked
6:40
Securing Firebase: Lessons Re-Learned from the Tea Breach Inspried by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158 WebKit Vulnerability Exploited before Apple Patch A WebKit vulnerablity patch…
…
continue reading
1
SANS Stormcast Wednesday July 30th, 2025: Apple Updates; Python Triage; Papercut Vuln Exploited
6:44
6:44
Play later
Play later
Lists
Like
Liked
6:44
Apple Updates Everything: July 2025 Edition Apple released updates for all of its operating systems patching 89 different vulnerabilities. Many vulnerabilities apply to multiple operating systems. https://isc.sans.edu/diary/Apple%20Updates%20Everything%3A%20July%202025/32154 Python Triage A quick python script by Xavier to efficiently search throug…
…
continue reading
1
SANS Stormcast Tuesday, July 29th, 2025:Parasitic Exploits; Cisco ISE Exploit; MyASUS Vuln
5:35
5:35
Play later
Play later
Lists
Like
Liked
5:35
Parasitic SharePoint Exploits We are seeing attacks against SharePoint itself and attempts to exploit backdoors left behind by attackers. https://isc.sans.edu/diary/Parasitic%20Sharepoint%20Exploits/32148 Cisco ISE Vulnerability Exploited A recently patched vulnerability in Cisco ISE is now being exploited. The Zero Day Initiative has released a bl…
…
continue reading
Do I smell bacon? A night to remember, a morning to plan. Time for the unexpected.
…
continue reading
1
SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger
5:39
5:39
Play later
Play later
Lists
Like
Liked
5:39
Linux Namespaces Linux namespaces can be used to control networking features on a process-by-process basis. This is useful when trying to present a different network environment to a process being analysed. https://isc.sans.edu/diary/Sinkholing%20Suspicious%20Scripts%20or%20Executables%20on%20Linux/32144 Coyote in the Wild: First-Ever Malware That …
…
continue reading
1
SANS Stormcast Friday, July 25th, 2025: ficheck.py; Mital and SonicWall Patches
5:20
5:20
Play later
Play later
Lists
Like
Liked
5:20
New File Integrity Tool: ficheck.py Jim created a new tool, ficheck.py, that can be used to verify file integrity. It is a drop-in replacement for an older tool, fcheck, which was written in Perl and no longer functions well on modern Linux distributions. https://isc.sans.edu/diary/New%20Tool%3A%20ficheck.py/32136 Mitel Vulnerability Mitel released…
…
continue reading
1
SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise;
6:53
6:53
Play later
Play later
Lists
Like
Liked
6:53
Reversing SharePoint Toolshell Exploits CVE-2025-53770 and CVE-2025-53771 A quick walk-through showing how to decode the payload of recent SharePoint exploits https://isc.sans.edu/diary/Analyzing%20Sharepoint%20Exploits%20%28CVE-2025-53770%2C%20CVE-2025-53771%29/32138 Compromised JavaScript NPM is Package The popular npm package is was compromised …
…
continue reading
1
Brew Strong | Mixed Fermentation Part 1
1:28:52
1:28:52
Play later
Play later
Lists
Like
Liked
1:28:52
In this episode, the Brew Strong team tackle the complex world of mixed fermentation. With so much information in the world of wild and sour beers, it's gonna take at least two episodes to cover this fascinating topic. Tune in to part one here and get ready to get wild! Learn more about your ad choices. Visit megaphone.fm/adchoices…
…
continue reading
1
SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches
6:17
6:17
Play later
Play later
Lists
Like
Liked
6:17
Microsoft Updates SharePoint Vulnerability Guidance CVE-2025-53770 and CVE-2025-53771 Microsoft released its update for SharePoint 2016, completing the updates across all currently supported versions. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ WinZip MotW Privacy Starting with version 7.10…
…
continue reading
1
SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused
6:00
6:00
Play later
Play later
Lists
Like
Liked
6:00
Microsoft Released Patches for SharePoint Vulnerability CVE-2025-53770 CVE-2025-53771 Microsoft released a patch for the currently exploited SharePoint vulnerability. It also added a second CVE number identifying the authentication bypass vulnerability. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-…
…
continue reading
Two teams left. Craigory and Nyx vs Geist and Rendo. One bake to claim the win. Roses. Lemons. Cats. Anything is possible on this weeks episode of Ye Olde Baking Competition. This is an Extras Episode! No context needed to enjoy.
…
continue reading
1
SANS Stormcast Monday July 21st, 2025: Sharepoint Exploited; Veeam Fake Voicemail Phish; Passkey Phishing Attack
8:05
8:05
Play later
Play later
Lists
Like
Liked
8:05
SharePoint Servers Exploited via 0-day CVE-2025-53770 Late last week, CodeWhite found a new remote code execution exploit against SharePoint. This vulnerability is now actively exploited. https://isc.sans.edu/diary/Critical+Sharepoint+0Day+Vulnerablity+Exploited+CVE202553770+ToolShell/32122/ Veeam Voicemail Phishing Attackers appear to impersonate …
…
continue reading
Battered and bruised, the party fights tooth and nail to escape the creatures lurking in the shadows. Meanwhile, Khuvos fights a verbal battle of his own. Find more of the Tabletop Talespinners Network and our sponsors here! Cast: GM - Jee Aelina - Jacqueline Cerridwen - Grace Khuvos - Emma Olwen - Andie Sage - Rosalie Suda - Winter Crew: Dialogue …
…
continue reading
1
SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches
4:55
4:55
Play later
Play later
Lists
Like
Liked
4:55
Hiding Payloads in Linux Extended File Attributes Xavier today looked at ways to hide payloads on Linux, similar to how alternate data streams are used on Windows. Turns out that extended file attributes do the trick, and he presents some scripts to either hide data or find hidden data. https://isc.sans.edu/diary/Hiding%20Payloads%20in%20Linux%20Ex…
…
continue reading
1
SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues
5:09
5:09
Play later
Play later
Lists
Like
Liked
5:09
More Free File Sharing Services Abuse The free file-sharing service catbox.moe is abused by malware. While it officially claims not to allow hosting of executables, it only checks extensions and is easily abused https://isc.sans.edu/diary/More%20Free%20File%20Sharing%20Services%20Abuse/32112 Ongoing SonicWall Secure Mobile Access (SMA) Exploitation…
…
continue reading
1
SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions
5:45
5:45
Play later
Play later
Lists
Like
Liked
5:45
Keylogger Data Stored in an ADS Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs as well as clipboard data https://isc.sans.edu/diary/Keylogger%20Data%20Stored%20in%20an%20ADS/32108 Malvertising Homebrew An attacker has been attempting to trick users into installing a malicious versi…
…
continue reading
1
SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics
6:10
6:10
Play later
Play later
Lists
Like
Liked
6:10
DShield Honeypot Log Volume Increase Within the last few months, there has been a dramatic increase in honeypot log volumes and how often these high volumes are seen. This has not just been from Jesse s residential honeypot, which has historically seen higher log volumes, but from all of the honeypots that Jesse runs. https://isc.sans.edu/diary/DSh…
…
continue reading
Strikers, Casters, and Wolves - oh my! A telling tapestry of trauma, when the laundry hangs out to dry the party learns it may be time to put their own on the line...
…
continue reading
1
SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer
6:53
6:53
Play later
Play later
Lists
Like
Liked
6:53
Experimental Suspicious Domain Feed Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes. https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102 Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812 Huntress saw active exploitation of…
…
continue reading
1
SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches;
5:48
5:48
Play later
Play later
Lists
Like
Liked
5:48
SSH Tunneling in Action: direct-tcp requests Attackers are compromising ssh servers to abuse them as relays. The attacker will configure port forwarding direct-tcp connections to forward traffic to a victim. In this particular case, the Yandex mail server was the primary victim of these attacks. https://isc.sans.edu/diary/SSH%20Tunneling%20in%20Act…
…
continue reading
1
SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches;
5:18
5:18
Play later
Play later
Lists
Like
Liked
5:18
Setting up Your Own Certificate Authority for Development: Why and How. Some tips on setting up your own internal certificate authority using the smallstep CA. https://isc.sans.edu/diary/Setting%20up%20Your%20Own%20Certificate%20Authority%20for%20Development%3A%20Why%20and%20How./32092 Animation-Driven Tapjacking on Android Attackers can use a clic…
…
continue reading
1
SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack;
7:44
7:44
Play later
Play later
Lists
Like
Liked
7:44
Microsoft Patch Tuesday, July 2025 Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been e…
…
continue reading
1
SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams
5:29
5:29
Play later
Play later
Lists
Like
Liked
5:29
What s My File Name Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084 Atomic macOS infostealer adds backdoor for persistent attacks Malware analyst discovered a new version of the Atomic macOS info-st…
…
continue reading
Morphine, anyone? The clash continues - It will take a true badass to turn the tides.... wait what is Craigory doing?
…
continue reading
