Hello, welcome to the Friday, May 27, 2020 edition of the Sands and its Storms,

Understorms, Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

A couple days ago, Xavier talked about how sip bombs in Malware can be used in order to allow

malware to enter networks by essentially making sure

the uncompressed file is large enough that anti-malware won't look at it. Of course, once you

have the uncompressed file, you still have to deal with basically all the garbage data that's

in the file after you uncompressed it.

And DDE now has a little trick for you how you're able to remove that garbage data.

In particular, if there is still an authenticode digital signature in the end, that you would like to preserve.

So what you end up with is the executable,

then a bunch of garbage,

meaning nulls usually, basically empty data,

and then the signature.

So we would like to remove the nulls

and just move the signature back to the end of the executable

and the DDA walks you through some scripts and how to essentially

do this. And Horizon 3 AI as promised that did yesterday release an exploit for CVE 2022-972,

the VMware authentication bypass vulnerability.

And with that exploit, they also released a blog showing the root cause of the vulnerability,

which actually is relatively simple.

When you are logging in to a system that uses Workspace 1, or like We Realize,

is what they used here at Horizon 3 AI.

...