Hello and welcome to the Monday, December 2nd, 24 edition of the Sands and the Storms on a stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Luckily, there was no major news this long weekend, so hope everybody got some time to relax.

And we'll start here with a couple of diaries that we published over the last couple days.

He has been working on a scene kind of to go as a front end for our DeShield Honeypot and Sensor.

This has been quite popular among our interns, if you're interested in that.

We now have a post by Paul Sacriere, who is writing how to set this all up in AWS.

But it also works on your standalone honeypot

in order to install the full seam, which requires components like, for example, Elasticsearch.

You need a little bit more resources, so better usually to run it on something like a mini-PC

or virtual machine with Ubuntu versus just sort of a bare-bones

raspberry pie honeypot. For example, you will need 8 gigabyte of RAM.

And Xavier took a look at obfuscation techniques used to make it more difficult to detect an info stealer.

Xavier took the trap stealer as an example and then showed how, first of all, it can be hidden

in a JPEC image.

It can be obfuscated by just adding essentially code that does nothing.

Base 64 encoding and a bunch of other techniques.

Interesting also that the sort of raw code, of course,

increased substantially in size with all of these obfuscation techniques.

On the other hand, it certainly helped a virus total score for this very common form of InfoStealer.

The trapstealer was only three out of 63.

And given that this is, of course, a big shopping season.

I do want to mention some of the threats are going around.

...