🗓️ 10 February 2023
⏱️ 5 minutes
0:00.0 | Hello and welcome to the Friday, February 10th, 2023 |
0:04.9 | edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich |
0:10.6 | and I'm recording from Jacksonville, Florida. |
0:15.0 | Xavier today looked at an interesting Python malware that takes screenshots of a victim's system. |
0:22.6 | Now, what's different in this particular case is that it's not just taking a screenshot |
0:27.7 | every minute or something like this, and it's not really waiting for a command from |
0:33.9 | a command and control server to take the screenshot. |
0:38.0 | Instead, it actually interacts with the Windows Events system |
0:43.3 | and does take screenshots whenever a user clicks with the mouse on something |
0:49.4 | and then just takes a screenshot of the area around the mouse click. |
0:55.2 | This is of course a lot more efficient and more likely to get you interesting screenshots |
1:00.5 | as a part of your data collection efforts without overwhelming you with tons of data |
1:06.9 | that you would get if you would get of the same kind of information with just |
1:11.5 | taking entire screenshots every second, every minute, and of course, many of them wouldn't |
1:17.9 | really show anything interesting or different. Interesting approach here, and of course, |
1:22.5 | all written in Python, which makes it, well, at least within the Windows environment, rather portable. |
1:29.9 | The event hooks and such are Windows-specific. |
1:34.6 | And then we got a patch for KeePass, the password manager. |
1:38.9 | The issue here is a vulnerability that was disclosed about a week ago. |
1:45.0 | Now, whether or not it was actually a vulnerability, |
1:48.0 | was a little bit disputed. |
1:49.0 | The problem here was that the attacker who would be able |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.