SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, August 28th 2017


SANS ISC Handlers

Tech News, News


🗓️ 28 August 2017

⏱️ 7 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Analyzing 7zip Malware; Worldwide DNS Manipulation; Crypto Miner Malware

Transcript


0:00.0

Hello, welcome to the Monday, August 28th, 2017 edition of the SANS Internet Storm Center's

0:07.0

Stormcast. My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida.

0:13.0

We recently received some malware samples that were compressed using 7-Zip instead of the more common regular ZIP or RAR.

0:22.6

Now Didier has a walkthrough about how to do some preliminary static analysis of these samples.

0:30.6

In this particular case, the ZIP file contains a Visual Basic script that will then download additional malware.

0:39.3

Didier shows how to extract and deobfuscate the URLs the actual malware is then downloaded from.

0:47.3

So if you run into one piece of malware like this, follow his guide and you pretty much have most of your indicators of compromise here

0:56.4

to find and block additional infections. And researchers at the University of California, Berkeley,

1:04.5

and from Princeton University took a closer look at the Internet censorship in different countries. Now, internet censorship

1:13.9

takes many forms. In recent years, we have seen countries disconnecting themselves from the internet

1:21.5

in order to prevent protesters, for example, from coordinating via social media sites. And of course, there is the well-known

1:30.8

big Chinese firewall that is blocking connections to a number of sites. Now, the Chinese firewall,

1:38.1

at least in part, is implemented using DNS. And these researchers looked in particular at DNS manipulations.

1:48.1

They looked less at like outright blocking for example of VPNs, but just whether or not

1:54.6

DNS responses in various countries were tampered with.

1:59.1

They did this globally, not just in particular countries,

2:04.3

and they essentially first did a scan for recursive resolvers in these countries and then used

2:11.8

them in order to resolve various host names. The research shows that Iran followed closely by China use DNS manipulation

2:21.5

the most. Now these two countries are not alone. Overall they found that online gambling and

2:28.2

porn sites were the number one targets, not so much Tor and sites like this.

2:35.0

In some cases, this may be also the effect of individual ISPs taking measures to block controversial content.

2:44.0

Now, when conducting research like this, one has to be careful to interpret the results. Just the fact that a different IP address is returned

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
