🗓️ 18 November 2016
⏱️ 6 minutes
0:00.0 | Hello, welcome to the Friday, November 18th, 2016 edition of the SANS Internet Storm Center's |
0:06.9 | Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
0:12.9 | Xavier had an interesting example today about how you have to be careful when you are investigating an |
0:18.7 | incident, because the bad guys sometimes take specific countermeasures |
0:23.1 | in order to prevent someone from, for example, finding a manipulated web page. |
0:29.5 | In this particular case, the attacker left behind a large blacklist of IP addresses, user agents, |
0:41.5 | and the like that were not shown the phishing site that Xavier was looking at in this case. |
0:44.6 | This can be particularly problematic if you come across a site like this. |
0:49.0 | You do notify, for example, the ISP hosting it, but then the ISP cannot verify the existence of the phishing site |
0:57.7 | because the ISP's investigative team is misled by these countermeasures. |
1:04.7 | So if you're investigating a site like this, it's always good to have sort of an unattributable |
1:09.6 | DSL or cable modem connection that you can use |
1:13.1 | in order to visit these sites from a safe and isolated system, of course. This will make it |
1:20.6 | more difficult for the attacker to figure out who is actually investigating them. And of course, |
1:26.6 | it will also protect your own network |
1:29.7 | if you access sites like this from an isolated system. |
1:34.5 | Drive-by downloads are mostly something Windows users are concerned about, but well, they're no longer |
1:40.7 | really alone, it turns out. |
1:42.6 | If you're running Google Chrome on Fedora, you're |
1:45.8 | also subject to a fairly simple drive-by download attack. In this particular case, Chrome will |
1:53.3 | automatically download files to the user's desktop without any confirmation. Now, this in itself |
2:00.0 | wouldn't execute code, but Fedora has a tracker |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.