TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

This post was originally published on this site

Original release date: May 29, 2018 | Last revised: May 31, 2018

Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:

  • a remote access tool (RAT), commonly known as Joanap; and
  • a Server Message Block (SMB) worm, commonly known as Brambul.

The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and enable network exploitation. DHS and FBI are distributing these IP addresses and other IOCs to enable network defense and reduce exposure to any North Korean government malicious cyber activity.

This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on how to report incidents. If users or administrators detect activity associated with these malware families, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

See the following links for a downloadable copy of IOCs:

NCCIC conducted analysis on four malware samples and produced a Malware Analysis Report (MAR). MAR-10135536.3 – RAT/Worm examines the tactics, techniques, and procedures observed in the malware. Visit MAR-10135536.3 – HIDDEN COBRA RAT/Worm for the report and associated IOCs.

Description

According to reporting from trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical infrastructure sectors. Users and administrators should review the information related to Joanap and Brambul from the Operation Blockbuster Destructive Malware Report [1] in conjunction with the IP addresses listed in the .csv and .stix files provided within this alert. As with many of the malware families used by HIDDEN COBRA actors, Joanap, Brambul, and other previously reported custom malware tools may be found on compromised network nodes. Each malware tool has a different purpose and functionality.

Joanap malware is a fully functional RAT that is able to receive multiple commands, which can be issued by HIDDEN COBRA actors remotely from a command and control server. Joanap typically infects a system as a file dropped by other HIDDEN COBRA malware, which users unknowingly download either when they visit sites compromised by HIDDEN COBRA actors, or when they open malicious email attachments.

During analysis of the infrastructure used by Joanap malware, the U.S. Government identified 87 compromised network nodes. The countries in which the infected IP addresses are registered are as follows:

  • Argentina
  • Belgium
  • Brazil
  • Cambodia
  • China
  • Colombia
  • Egypt
  • India
  • Iran
  • Jordan
  • Pakistan
  • Saudi Arabia
  • Spain
  • Sri Lanka
  • Sweden
  • Taiwan
  • Tunisia

Malware often infects servers and systems without the knowledge of system users and owners. If the malware can establish persistence, it could move laterally through a victim’s network and any connected networks to infect nodes beyond those identified in this alert.

Brambul malware is a brute-force authentication worm that spreads through SMB shares. SMB enables shared access to files between users on a network. Brambul malware typically spreads by using a list of hard-coded login credentials to launch a brute-force password attack against the SMB protocol to gain access to a victim’s networks.

Technical Details

Joanap

Joanap is a two-stage malware used to establish peer-to-peer communications and to manage botnets designed to enable other operations. Joanap malware provides HIDDEN COBRA actors with the ability to exfiltrate data, drop and run secondary payloads, and initialize proxy communications on a compromised Windows device. Other notable functions include

  • file management,
  • process management,
  • creation and deletion of directories, and
  • node management.

Analysis indicates the malware encrypts data using Rivest Cipher 4 (RC4) to protect its communication with HIDDEN COBRA actors. Once installed, the malware creates a log entry within the Windows System Directory in a file named mssscardprv.ax. HIDDEN COBRA actors use this file to capture and store victims’ information such as the host IP address, host name, and the current system time.

Brambul

Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.

Analysts suspect the malware targets insecure or unsecured user accounts and spreads through poorly secured network shares. Once the malware establishes unauthorized access on the victim’s systems, it communicates information about the victim’s systems to HIDDEN COBRA actors using malicious email addresses. This information includes the IP address and host name—as well as the username and password—of each victim’s system. HIDDEN COBRA actors can use this information to remotely access a compromised system via the SMB protocol.

Analysis of a newer variant of Brambul malware identified the following built-in functions for remote operations:

  • harvesting system information,
  • accepting command-line arguments,
  • generating and executing a suicide script,
  • propagating across the network using SMB,
  • brute forcing SMB login credentials, and
  • generating Simple Mail Transfer Protocol (SMTP) email messages containing target host system information.
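
The network behavior described above (SMB connections on ports 139 and 445 fanning out to many local and random addresses, plus SMTP messages sent from the same host) can be hunted for in flow records. The following is an added example, not part of the original alert; the log format, thresholds, and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}          # ports named in the alert
SMTP_PORT = 25
WINDOW = timedelta(minutes=5)   # assumed tuning value, adjust per network
MIN_TARGETS = 5                 # assumed tuning value, adjust per network

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2018-05-30T09:00:00Z 10.0.5.23 10.0.5.1 445
2018-05-30T09:00:01Z 10.0.5.23 10.0.5.2 445
2018-05-30T09:00:02Z 10.0.5.23 10.0.5.3 139
2018-05-30T09:00:03Z 10.0.5.23 10.0.5.4 445
2018-05-30T09:00:05Z 10.0.5.23 198.51.100.14 445
2018-05-30T09:00:06Z 10.0.5.23 203.0.113.201 445
2018-05-30T09:01:10Z 10.0.5.23 192.0.2.25 25
2018-05-30T09:00:00Z 10.0.5.40 10.0.5.10 445
2018-05-30T09:03:00Z 10.0.5.40 10.0.5.10 445
2018-05-30T09:10:00Z 10.0.5.40 10.0.5.11 445
2018-05-30T09:02:00Z 10.0.5.25 192.0.2.25 25
truncated record
"""


def parse_flows(text):
    """Yield (time, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            yield ts, src, dst, int(parts[3])
        except ValueError:
            continue


def max_distinct_targets(events, window):
    """Largest number of distinct destinations inside any sliding time window."""
    events = sorted(events, key=lambda e: e[0])
    counts = defaultdict(int)
    left = best = 0
    for ts, dst in events:
        counts[dst] += 1
        # Drop events that have fallen out of the window ending at ts.
        while ts - events[left][0] > window:
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def find_smb_fanout(flow_text, local_cidrs):
    """Flag sources that contact many distinct hosts on SMB ports in a short window."""
    local = [ipaddress.ip_network(c) for c in local_cidrs]
    smb = defaultdict(list)
    smtp = defaultdict(set)
    for ts, src, dst, dport in parse_flows(flow_text):
        if dport in SMB_PORTS:
            smb[src].append((ts, dst))
        elif dport == SMTP_PORT:
            smtp[src].add(dst)
    findings = {}
    for src, events in smb.items():
        peak = max_distinct_targets(events, WINDOW)
        if peak < MIN_TARGETS:
            continue
        targets = {dst for _, dst in events}
        findings[str(src)] = {
            "peak_targets": peak,
            # SMB to addresses outside the local subnets matches the random-IP behavior.
            "off_subnet": sorted(str(d) for d in targets
                                 if not any(d in n for n in local)),
            # SMTP sent directly from the same host matches the reporting behavior.
            "smtp_to": sorted(str(d) for d in smtp.get(src, ())),
        }
    return findings


if __name__ == "__main__":
    for host, detail in find_smb_fanout(SAMPLE_FLOWS, ["10.0.5.0/24"]).items():
        print(host, detail)
```

A host that is flagged here and also appears as the source of failed SMB logons on the targets is a strong candidate for isolation and imaging.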

Detection and Response

This alert’s IOC files provide HIDDEN COBRA IOCs related to Joanap and Brambul. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.
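
The two review steps above (checking whether any listed IP address falls within the organization's allocated space, then searching perimeter logs for the addresses) can be scripted as follows. This is an added example, not part of the original alert; the CSV column name, the log format, and all addresses are constructed assumptions, and the real IOC file layout may differ.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data using documentation address ranges, not real IOCs.
IOC_CSV = """indicator,type
192.0.2.10,ipv4
198.51.100.77,ipv4
203.0.113.5,ipv4
not-an-ip,ipv4
"""
ORG_NETWORKS = ["203.0.113.0/24", "10.0.0.0/8"]
# Constructed perimeter log format: timestamp src dst dport action
PERIMETER_LOG = """\
2018-05-30T10:00:01Z 192.0.2.10 203.0.113.20 445 deny
2018-05-30T10:00:09Z 10.1.2.3 198.51.100.77 443 allow
2018-05-30T10:02:41Z 10.1.2.3 198.51.100.77 443 allow
2018-05-30T10:05:00Z 10.9.9.9 198.51.100.200 53 allow
malformed line
"""


def load_iocs(csv_text):
    """Return the set of valid IP addresses found in the 'indicator' column."""
    iocs = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            iocs.add(ipaddress.ip_address(row["indicator"].strip()))
        except (ValueError, KeyError, AttributeError):
            continue  # row is not a usable IP indicator
    return iocs


def is_internal(ip, nets):
    return any(ip in net for net in nets)


def iocs_in_own_space(iocs, org_cidrs):
    """IOC addresses that sit inside the organization's own allocations."""
    nets = [ipaddress.ip_network(c) for c in org_cidrs]
    own = [ip for ip in iocs if is_internal(ip, nets)]
    return [str(ip) for ip in sorted(own, key=lambda ip: (ip.version, int(ip)))]


def match_perimeter_log(iocs, org_cidrs, log_text):
    """Group log hits per IOC, split into inbound attempts and outbound contacts."""
    nets = [ipaddress.ip_network(c) for c in org_cidrs]
    hits = defaultdict(lambda: {"inbound": [], "outbound": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if dst_ip in iocs and is_internal(src_ip, nets):
            # An internal host reaching out to a listed address.
            hits[str(dst_ip)]["outbound"].append((ts, src, port, action))
        elif src_ip in iocs and is_internal(dst_ip, nets):
            # A listed address attempting to connect in.
            hits[str(src_ip)]["inbound"].append((ts, dst, port, action))
    return dict(hits)


if __name__ == "__main__":
    iocs = load_iocs(IOC_CSV)
    print("IOCs inside own address space:", iocs_in_own_space(iocs, ORG_NETWORKS))
    for ioc, detail in match_perimeter_log(iocs, ORG_NETWORKS, PERIMETER_LOG).items():
        print(ioc, "inbound:", len(detail["inbound"]),
              "outbound:", len(detail["outbound"]))
```

Because the alert notes that traffic from these addresses may be legitimate as well as malicious, the split output is meant as a starting point for review of each hit, not as a verdict.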

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public. Possible impacts include

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Keep operating systems and software up-to-date with the latest patches. Most attacks target vulnerable applications and operating systems. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of least privilege to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Scan for and remove suspicious email attachments. If a user opens a malicious attachment and enables macros, embedded code will execute the malware on the machine. Enterprises and organizations should consider blocking email messages from suspicious sources that contain attachments. For information on safely handling email attachments, see Using Caution with Email Attachments. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Disable Microsoft’s File and Printer Sharing service, if not required by the user’s organization. If this service is required, use strong passwords or Active Directory authentication. See Choosing and Protecting Passwords for more information on creating strong passwords.
  • Enable a personal firewall on organization workstations and configure it to deny unsolicited connection requests.

Response to Unauthorized Network Access

Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

References

Revision History

  • May 29, 2018: Initial version
  • May 31, 2018: Uploaded updated STIX and CSV files

This product is provided subject to this Notification and this Privacy & Use policy.

TA18-145A: Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

Original release date: May 25, 2018 | Last revised: June 07, 2018

Systems Affected

  • Small office/home office (SOHO) routers
  • Networked devices
  • Network-attached storage (NAS) devices

Overview

Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2] [3]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware.

DHS and FBI encourage SOHO router owners to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by email at CyWatch@fbi.gov. Each submitted report should include as much information as possible, specifically the date, time, location, type of activity, number of people, the type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

Description

The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices. The initial exploit vector for this malware is currently unknown.

The malware uses a modular functionality on SOHO routers to collect intelligence, exploit LAN devices, and block actor-configurable network traffic. The malware can render a device inoperable, and has destructive functionality across routers, network-attached storage devices, and central processing unit (CPU) architectures running embedded Linux. The command and control mechanism implemented by the malware uses a combination of secure sockets layer (SSL) with client-side certificates for authentication and TOR protocols, complicating network traffic detection and analysis.

Impact

Negative consequences of VPNFilter malware infection include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware.

Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions of firmware, which often contain patches for vulnerabilities.

Rebooting affected devices will cause non-persistent portions of the malware to be removed from the system. Network defenders should ensure that first-stage malware is removed from the devices, and appropriate network-level blocking is in place prior to rebooting affected devices. This will ensure that second stage malware is not downloaded again after reboot.

While the paths at each stage of the malware can vary across device platforms, processes running with the name “vpnfilter” are almost certainly instances of the second stage malware. Terminating these processes and removing associated processes and persistent files that execute the second stage malware would likely remove this malware from targeted devices.

References

Revision History

  • May 25, 2018: Initial Version
  • June 7, 2018: Added link to June 6, 2018 Cisco Talos blog update on VPNFilter

Esxi upgrade from 5.5 to 6.0U3 HPE custom offline bundle VMware-ESXi-6.0.0-Update3-6921384-HPE-600.10.2.0.23-Feb2018-depot.zip requires VSAN?

Hello all,

I am trying to upgrade one of my HPDL 380 G7 servers from Esxi Ver 5.5 to Esxi ver 6.0U3 using the esxcli and the VMware-ESXi-6.0.0-Update3-6921384-HPE-600.10.2.0.23-Feb2018-depot.zip.

I SSH into box and run

#esxcli software vib update -d "/vmfs/volumes/mydatastore/VMware-ESXi-6.0.0-Update3-6921384-HPE-600.10.2.0.23-Feb2018-depot.zip"

I receive the following about VSAN being required??

[DependencyError]
VIB VMware_bootbank_esx-base_6.0.0-3.79.6921384 requires vsan >= 6.0.0-3.79, but the requirement cannot be satisfied within the ImageProfile.
VIB VMware_bootbank_esx-base_6.0.0-3.79.6921384 requires vsan << 6.0.0-3.80, but the requirement cannot be satisfied within the ImageProfile.
Please refer to the log file for more details.

Can anyone provide any insight on how I can resolve this error and get my Dl380 G7 server to upgrade to esxi 6.0U3?

Much appreciated

TA18-141A: Side-Channel Vulnerability Variants 3a and 4

Original release date: May 21, 2018 | Last revised: May 22, 2018

Systems Affected

CPU hardware implementations

Overview

On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems.

Description

Common CPU hardware implementations are vulnerable to the side-channel attacks known as Spectre and Meltdown. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to

  • Read arbitrary privileged data; and
  • Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.

Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:

  • Variant 1: Bounds Check Bypass – CVE-2017-5753
  • Variant 2: Branch Target Injection – CVE-2017-5715
  • Variant 3: Rogue Data Cache Load – CVE-2017-5754
  • Variant 3a: Rogue System Register Read – CVE-2018-3640  
  • Variant 4: Speculative Store Bypass – CVE-2018-3639

Impact

Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on affected systems.

Solution

Mitigation

NCCIC recommends users and administrators

  • Refer to their hardware and software vendors for patches or microcode,
  • Use a test environment to verify each patch before implementing, and
  • Ensure that performance is monitored for critical applications and services.
    • Consult with vendors and service providers to mitigate any degradation effects, if possible.
    • Consult with Cloud Service Providers to mitigate and resolve any impacts resulting from host operating system patching and mandatory rebooting, if applicable.

The following table contains links to advisories and patches published in response to the vulnerabilities. This table will be updated as information becomes available.

Link to Vendor Information    Date Added
AMD                           May 21, 2018
ARM                           May 21, 2018
Intel                         May 22, 2018
Microsoft                     May 21, 2018
Redhat                        May 21, 2018

References

Revision History

  • May 21, 2018: Initial version
  • May 22, 2018: Added information and link to Intel in table

DSC Resource Kit Release May 2018

We just released the DSC Resource Kit!

This release includes updates to 12 DSC resource modules. In these past 6 weeks, 52 pull requests have been merged and 63 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

  • ActiveDirectoryCSDsc (previously xAdcsDeployment)
  • CertificateDsc (previously xCertificate)
  • ComputerManagementDsc (previously xComputerManagement)
  • DFSDsc (previously xDFS)
  • SqlServerDsc
  • xDnsServer
  • xDscResourceDesigner
  • xExchange
  • xNetworking
  • xPendingReboot
  • xSMBShare
  • xWebAdministration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our last community call for the DSC Resource Kit was on April 25. A recording of our updates will be available on YouTube soon. Join us for the next call at 12PM (Pacific time) on June 6 to ask questions and give feedback about your experience with the DSC Resource Kit.

We strongly encourage you to update to the newest version of all modules using the PowerShell Gallery, and don’t forget to give us your feedback in the comments below, on GitHub, or on Twitter (@PowerShell_Team)!

Please see our documentation here for information on the support of these resource modules.

Included in this Release

You can see a detailed summary of all changes included in this release in the table below. For past release notes, go to the README.md or Changelog.md file on the GitHub repository page for a specific module (see the How to Find DSC Resource Modules on GitHub section below for details on finding the GitHub page for a specific module).

Module Name Version Release Notes
ActiveDirectoryCSDsc (previously xAdcsDeployment) 2.0.0.0
  • BREAKING CHANGE: Renamed module to ActiveDirectoryCSDsc – see issue 38
  • Enabled PSSA rule violations to fail build – Fixes Issue 44.
CertificateDsc (previously xCertificate) 4.0.0.0
  • BREAKING CHANGE
    • Renamed xCertificate to CertificateDsc – fixes Issue 114.
    • Changed all MSFT_xResourceName to MSFT_ResourceName.
    • Updated DSCResources, Examples, Modules and Tests for new naming.
    • Updated Year to 2018 in License and Manifest.
    • Updated README.md from xCertificate to CertificateDsc.
    • Removed unnecessary code from:
      • CertificateDsc\Modules\CertificateDsc\DSCResources\MSFT_CertReq\MSFT_CertReq.psm1
        • Deleted $rspPath = [System.IO.Path]::ChangeExtension($workingPath, ".rsp")
ComputerManagementDsc (previously xComputerManagement) 5.0.0.0
  • BREAKING CHANGE:
    • Renamed ComputerManagement to ComputerManagementDsc – fixes Issue 119.
    • Changed all MSFT_xResourceName to MSFT_ResourceName.
    • Updated DSCResources, Examples, Modules and Tests with new naming.
    • Updated Year to 2018 in License and Manifest.
    • Updated README.md from xComputerManagement to ComputerManagementDsc.
  • OfflineDomainJoin:
    • Cleaned up spacing in strings file to make consistent with other resources.
  • VirtualMemory:
    • Converted strings to single quotes in integration test.
DFSDsc (previously xDFS) 4.0.0.0
  • BREAKING CHANGE
    • Renamed xDFS to DFSDsc – fixes Issue 55.
    • Changed all MSFT_xResourceName to MSFT_DFSResourceName.
    • Updated DSCResources, Examples, Modules and Tests for new naming.
    • Updated Year to 2018 in License and Manifest.
    • Changed all Modules\DFSDsc\Examples\Resources to DFSResourceName.
  • Added the VS Code PowerShell extension formatting settings that cause PowerShell files to be formatted as per the DSC Resource kit style guidelines.
  • Improve layout of badge area in README.MD.
  • Disabled MD013 rule checking to enable badge table.
  • Updated Year to 2017 in License and Manifest.
  • Added .github support files:
    • CONTRIBUTING.md
    • ISSUE_TEMPLATE.md
    • PULL_REQUEST_TEMPLATE.md
  • Opted into Common Tests “Validate Module Files” and “Validate Script Files”.
  • Converted files with UTF8 with BOM over to UTF8 – fixes Issue 47.
  • Added Documentation and Examples section to Readme.md file – see issue 49.
  • Prevent unit tests from DSCResource.Tests from running during test execution – fixes Issue 51.
  • Updated tests to meet Pester V4 guidelines – fixes Issue 53.
SqlServerDsc 11.2.0.0
  • Changes to SqlServerDsc
    • Added new test helper functions in the CommonTestHelpers module. These are used by the integration tests.
      • New-IntegrationLoopbackAdapter: Installs the PowerShell module “LoopbackAdapter” from PowerShell Gallery and creates a new network loopback adapter.
      • Remove-IntegrationLoopbackAdapter: Removes a new network loopback adapter.
      • Get-NetIPAddressNetwork: Returns the IP network address from an IPv4 address and prefix length.
    • Enabled PSSA rule violations to fail build in the CI environment.
    • Renamed SqlServerDsc.psd1 to be consistent (issue 1116). Glenn Sarti (@glennsarti)
  • Changes to Unit Tests
  • Changes to SqlAlwaysOnService
    • Updated the integration tests to use a loopback adapter to be less intrusive in the build worker environment.
    • Minor code cleanup in integration test, fixed the scope on variable.
  • Changes to SqlSetup
    • Updated the integration tests to stop some services after each integration test. This is to save memory on the AppVeyor build worker.
    • Updated the integration tests to use a SQL Server 2016 Service Pack 1.
    • Fixed Script Analyzer rule error.
  • Changes to SqlRS
    • Updated the integration tests to stop the Reporting Services service after the integration test. This is to save memory on the AppVeyor build worker.
    • The helper function Restart-ReportingServicesService should no longer timeout when restarting the service (issue 1114).
  • Changes to SqlServiceAccount
    • Updated the integration tests to stop some services after each integration test. This is to save memory on the AppVeyor build worker.
  • Changes to SqlServerDatabaseMail
    • Fixed Script Analyzer rule error.
xDnsServer 1.10.0.0
xDscResourceDesigner 1.10.0.0
  • Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey.
  • Helper function Test-xDscSchemaEncoding now supports PowerShell Core (issue 64).
  • Changed README.md encoding to UTF8.
xExchange 1.20.0.0
  • Fix issue where test of type Microsoft.Exchange.Data.Unlimited fails
xNetworking 5.7.0.0
  • Enabled PSSA rule violations to fail build – Fixes Issue 320.
  • MSFT_xNetAdapterAdvancedProperty:
    • Enabled setting the same property on multiple network adapters – Fixes issue 324.
xPendingReboot 0.4.0.0
  • Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey.
  • Fixes registry not being evaluated correctly.
  • Fixes failing tests introduced in changes to Pester 4.
  • Change layout of parameters to comply with style guide.
xSMBShare 2.1.0.0
  • Corrected typo on ShareState and ShareType descriptions (Specfies -> Specifies)
xWebAdministration 1.20.0.0
  • Fix Get-DscConfiguration failure with xWebApplication and xWebSite resources (issue 302 and issue 314).
  • Add Codecov support.
  • Added .vscode\settings.json so that code can be easily formatted in VSCode more closely in line with the style guideline.
  • Updated README.md with a branches section, and added Codecov badges.
  • Fix unit test for helper function Find-Certificate that could not find the test helper function Install-NewSelfSignedCertificateExScript.
  • Fix unit tests for xWebSite that failed because Get-Command and Stop-Website weren’t properly mocked.

How to Find Released DSC Resource Modules

To see a list of all released DSC Resource Kit modules, go to the PowerShell Gallery and display all modules tagged as DSCResourceKit. You can also enter a module’s name in the search box in the upper right corner of the PowerShell Gallery to find a specific module.

Of course, you can also always use PowerShellGet (available in WMF 5.0) to find modules with DSC Resources:

# To list all modules that are tagged as DSCResourceKit
Find-Module -Tag DSCResourceKit
# To list all DSC resources from all sources
Find-DscResource

Please note only those modules released by the PowerShell Team are currently considered part of the ‘DSC Resource Kit’ regardless of the presence of the ‘DSC Resource Kit’ tag in the PowerShell Gallery.

To find a specific module, go directly to its URL on the PowerShell Gallery:
http://www.powershellgallery.com/packages/< module name >
For example:
http://www.powershellgallery.com/packages/xWebAdministration

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource

How to Find DSC Resource Modules on GitHub

All resource modules in the DSC Resource Kit are available open-source on GitHub.
You can see the most recent state of a resource module by visiting its GitHub page at:
https://github.com/PowerShell/< module name >
For example, for the xCertificate module, go to:
https://github.com/PowerShell/xCertificate.

All DSC modules are also listed as submodules of the DscResources repository in the xDscResources folder.

How to Contribute

You are more than welcome to contribute to the development of the DSC Resource Kit! There are several different ways you can help. You can create new DSC resources or modules, add test automation, improve documentation, fix existing issues, or open new ones.
See our contributing guide for more info on how to become a DSC Resource Kit contributor.

If you would like to help, please take a look at the list of open issues for the DscResources repository.
You can also check issues for specific resource modules by going to:
https://github.com/PowerShell/< module name >/issues
For example:
https://github.com/PowerShell/xPSDesiredStateConfiguration/issues

Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

If you’re looking into using PowerShell DSC, have questions or issues with a current resource, or would like a new resource, let us know in the comments below, on Twitter (@PowerShell_Team), or by creating an issue on GitHub.

Katie Keim
Software Engineer
PowerShell DSC Team
@katiedsc (Twitter)
@kwirkykat (GitHub)