meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, September 28th 2018

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 28 September 2018

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Enriching Radare2/x64dbg Output; Apple DEP; UEFI Rootkit

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Friday, September 28th, 2018 edition of the Sands and its Storm Center's Stormcast. My name is Johannes O'Rourich, and I'm recording from Las Vegas, Nevada.

0:12.7

If you're looking for something to play with this weekend, Renato gave you a nice little toy here, and that's Python code. It helps you to enrich the

0:23.5

output of Radair 2 and X64 debug with decoded strings. So the problem he had was he had a

0:31.7

pretty massive piece of malware that he wanted to reverse engineer. Now this piece of malware had a lot of encoded

0:40.2

strings, simple X or algorithm, but essentially what he wanted to do is decode the strings and then

0:47.2

insert them back into the disassembly output. So this way he had the strings where they were originally located in the binary and then of course by decoding them he immediately was able to recognize where which string was being used.

1:05.0

Pretty neat trick and a neat little piece of Python code that Renato is sharing here with our readers.

1:14.6

And Duo Security took a closer look at Apple's device enrollment program or DEP.

1:21.2

This is essentially what Apple uses for all of its different operating systems, whether that's

1:26.8

TVOS, iOS or MacOS,

1:29.7

in order to allow companies to more or less automatically add devices to their mobile device

1:37.0

management platform.

1:38.9

The neat thing kind of about this particular protocol is that the user doesn't really have

1:43.7

to do anything if the user doesn't really have to do anything. If the user

1:45.9

receives a device whose serial number is registered for a particular company, the device will

1:52.0

automatically enroll itself in the mobile device management program using DEP. And that's

1:59.8

sort of where the first problem lies in order to check if a device

2:04.5

needs to connect to a particular mobile device management system. All you need is the device's

2:10.8

serial number. What you get back is the device's activation record. Now, you may argue there

2:17.0

isn't really that much in this record,

2:20.3

essentially the URL, where to enroll, and a little bit information about the company. So,

2:25.5

for example, company name, address, phone numbers, and some email addresses. However,

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.