SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, June 29th 2018


SANS ISC Handlers

Tech News, News, Technology


🗓️ 29 June 2018

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Nice Miners; Disassembling Webassembly; Spectre Browser Bypass; Gentoo Github Repo Takeover

Transcript


0:00.0

Hello, welcome to the Friday, June 29, 2018 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:13.1

Today in inspecting some of the latest malware that was trapped in some of my honeypots, I came across a crypto coin miner that did things

0:23.5

a little bit different than sort of your traditional miners. First of all, this particular

0:28.9

miner does check if the CPU has support for the AES instruction set. So essentially, AES encryption

0:37.0

is built into the CPU. Many modern CPUs

0:41.3

do provide this feature. And this particular attacker will download a specific version of the

0:47.6

miner that does take advantage of this feature increasing the hash rate. In addition, this particular miner does adjust the number

0:56.8

of threads that are being set up by the miner to have the number of the CPU cores available,

1:04.8

probably not to overload the CPU and to remain more stealthy. WebAssembly, or short Wasm, has been showing up in browsers over the last year or so and yes,

1:19.2

there are some first applications that take advantage of this new feature.

1:25.6

WebAssembly is essentially bytecode compiled JavaScript, so it's more

1:31.0

compact and is also supposed to execute faster. At this point of course, one of the very prominent

1:37.3

applications of WebAssembly is some of these crypto coin miners that are used in these ever popular cryptojacking attacks.

1:48.3

Now, once you run into WASM, the next question, of course, is, is it possible to decompile

1:55.8

and analyze these scripts?

1:57.7

Turns out it's not really all that hard.

2:00.5

The Chrome debugger will take care of it for you.

2:04.5

So really not that difficult. Now, there are a couple of practical issues with this. For example,

2:10.8

function names will be gone. Instead, each function just has a number. So the code may be a little bit

2:17.1

more difficult to read than

2:19.0

looking at the source code for the particular application. John Bergbom from Forcepoint

2:25.7

has written a real nice blog post about WebAssembly, how to analyze it, and how it sort of works. So if you're into web application security,

...
