ISC StormCast for Monday, August 23rd, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 23 August 2021
⏱️ 5 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, August 23, 2021 edition of the Santernet Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Stockholm, Germany, but virtually teaching in London, England. |
| 0:16.6 | This weekend, we had some malware analysis tricks from Xavier. First of all, how to wait for a command |
| 0:24.8 | control server that's not readily available. I've seen this happen sometimes where a malware |
| 0:31.6 | campaign is getting too successful and the command control server is overwhelmed with requests. Sometimes, of course, these command |
| 0:40.7 | control servers also shut down and it takes a while for them to show up at, for example, a different |
| 0:46.7 | IP address. So Xavier is going over how to patch the malware to continue to wait and attempt to connect |
| 0:53.9 | to a particular command control |
| 0:56.2 | server in order to figure out how the malware exactly works. |
| 1:03.2 | And in a second Malware related Diary DDE is presenting a Word document that included an executable. |
| 1:11.6 | This may be a little bit not very well thought through attempt at social engineering |
| 1:17.6 | to sort of bypass some of the issues that you have with visual basic macros. |
| 1:22.6 | That's of course still the preferred way to execute code, but users malvary analysis tools or malware protection |
| 1:31.0 | tools are of course pretty aware of this technique now. So here they tried a straight executable. |
| 1:38.9 | However, as did he experience, this does not actually appear to work in any reasonably new version of Office or Word. |
| 1:49.5 | It looks to the user like the user would open an Excel spreadsheet, but the Vert did recognize that it wasn't executable and prevent the user from launching it. So maybe a user |
| 2:04.0 | that really wants to get infected will be able to somehow save the executable in a separate file |
| 2:09.9 | and be able to execute it then, but wouldn't be as straightforward as just clicking on the |
| 2:16.6 | Excel logo in the VIRT document. |
| 2:20.6 | Recently, Microsoft released Windows 365. The idea of the product is to run a Windows 10 and |
| 2:27.9 | in the future a Windows 11 system in the cloud and no longer really have any Windows physical hardware to deal with. |
| 2:37.2 | The product has been quite popular, and Microsoft now released a security guide, or at least |
| 2:43.5 | a blog post, telling you about some of the security features of Windows 365. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.