ISC StormCast for Friday, May 10th, 2024
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 10 May 2024
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello and welcome to the Friday, May 10th, 2024 edition of the SANS Internet Storm Center's Stormcast. |
| 0:08.4 | My name is Johannes Ullrich, and I'm recording from San Diego, California. |
| 0:14.8 | You've got a great diary today by Didier, where yet again, he is improving one of his tools. |
| 0:21.7 | If you're analyzing a PDF, there may be multiple PDF streams present. |
| 0:28.6 | The old tool pdf-parser.py did allow you to extract individual streams, but well, if there are a lot of them, that's kind of tedious. |
| 0:37.3 | So users |
| 0:38.9 | asked for all of the PDF streams to be exported at once, and that's exactly what |
| 0:47.5 | Didier added in version 0.7.9 of pdf-parser.py. |
| 0:55.0 | Even better, the output is in JSON format that can then be post-processed with other tools in Didier's |
| 1:03.0 | famous toolset. So you can decompress, you can analyze the MIME type of different streams and all of this, |
| 1:13.8 | all by just piping JSON output from one tool into the next to further process the data. |
| 1:20.8 | Nice examples here from Didier as part of the diary, if you're interested in more details. |
| 1:30.9 | And F5 published an update for its Next Central Manager product. Next is the name of |
| 1:38.8 | product series for F5, which is the next generation of products. And Central Manager is the tool that you're |
| 1:46.1 | using to administer these different products. The vulnerabilities were found by Eclypsium |
| 1:52.7 | and there's a total of five vulnerabilities, but only two of them received CVE numbers. These two |
| 2:00.7 | vulnerabilities are SQL injection vulnerabilities. |
| 2:03.6 | One of them actually requires LDAP to be enabled. The second one apparently doesn't. |
| 2:10.6 | These SQL injection vulnerabilities are explained in Eclypsium's blog post, including a proof of concept that does retrieve the |
| 2:21.3 | admin's password hash. The other vulnerabilities are less severe, which is why they may not have |
| 2:27.6 | gotten a CVE number, like for example, a bcrypt hash that doesn't use a sufficient cost with call is a minor thing. |
| 2:36.1 | The one thing that I'm actually a little bit concerned about, there is a vulnerability that allows |
... |

