Hello, welcome to the Monday, April 1st, 2019 edition of the Sandsenet Storms on a Stormcast. My name is Johannes Ulrich,

and I'm recording from Jacksonville, Florida. For the reverse engineers among you, Remco

published another installment about Golang. In this episode, Remko is going over some ideas

how to annotate reversed Golang libraries using the Radaray 2 front-end cutter and Jupiter.

And if you're trying to set up some bulk detection for Mac addresses affected by the Aces

Melver that made big news last week, they're now available for download.

If you remember, the Malver only became active if it was run on a system that used a network card with one of about 600 different hard-coded Mac addresses.

It is assumed that these systems are high-value systems targeted by this particular tag.

Now AIS released an offline scanner, but this one really only contained

hashes of the effect that addresses. You could install this offline scanner and check your address,

but just sort of bruteforcing Mac address using this offline scanner, well, that would have been

way too slow. So Skylight Cyper took a look

at the hashing algorithm used by this offline scanner, which actually wasn't terribly bad. It was

10,000 rounds of salted shot 256, but then again was just one salt.

And with Mac addresses, the space is large but not that huge.

So they were able to actually prove force 583 of the Mac addresses using a reasonably massive

AWS system with 8 Nvidia Tesla GPUs and 16 gigabytes of RAM.

And to save yourself the work and money they made available, the 583 Mac addresses that they were able to brute force so far.

And remember the Pond to Owned contest.

I talked about a couple weeks ago as part of this contest.

There were a number of survey vulnerabilities that were found in all tested browsers, also in

some virtualization software.

...