Hello, welcome to the Friday, June 5th, 2020 edition of the Sandcent Storm Centers, Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Xavier did a quick write-up today about a new technique that he has seen by matter to detect debuggers and that's guard pages. Guard pages are memory

pages that have the page guard flag set and whenever these pages are accessed then a status

guard. Page violation exception is triggered. So this can be used to detect if or if not

there is a debugger present and the malware can then react respectively. So for more details,

take a look at Xavier's diary. And then we got a couple of updates to our data feeds.

First of all, I had to suspend our suspicious domain feed, which I know is quite popular.

But the problem was that in recent months, some of the feeds that this feed, which is really

just an aggregate of different other feeds,

so relied on, have really degraded and become less and less useful.

Peter from DNS filter noticed this and notified us.

So I decided for now it's better to just suspend this feed.

We are working on trying to resurrect it with different input

feeds, but it may take a while to get it all set up. If you have any feedback or any sort of

feats you would like us to base it on, please let us know. And also I added more researcher IPs to our research feed that you can

request via our API. About 150 different IP addresses that are part of IPIP.net have seen them

scan quite a bit in recent times. So you will now have these IP addresses included as well.

Now, if you haven't heard of IPIP.net, it's probably because the company is based out of China.

Now, they do have somewhat global ambitions, but outside China, it's probably usually maximized what people are using

for geolocation services.

And remember how at one point there were proposals out there where spammers would essentially

...