Hello, welcome to the Monday, November 28th, 2016 edition of the Sansonet Storms and Stormcast. My name's

Johannes Ulrich, and I'm recording from Jacksonville, Florida. Now, we are lucky that many of our

handlers are actually not living in the US, so they didn't get the long weekend. And as a result,

we still ended up with some great diaries just want to point out a couple

here first one ddia did he wrote a neat little tool to extract shell code from javascript of course

if you're dealing with javascript exploits they often do transmit shell code as part of the JavaScript

and the DDA's little Python script will make it pretty easy to extract the code, including

Unicode encoded and hexadecimal encoded characters.

And then Russ is talking about Skapy, Scapey, of course, being one of my

all-time favorite tools. And well, there are a couple of reasons why you would use a tool

like Scapey to craft packets. First of all, it's a ton of fun. So that's one reason why you may

want to do it. Secondly, you may have a snort signature for an attack for which you,

luckily in some cases, don't have a sample for.

So you need to create something that will trigger that snort signature

in order to make sure that it's actually working.

So Russ walks you through the process of creating a simple HTTP request using Scapey in order

to check whether or not one of the signatures for Cozy Duke, which is one of these APT threats

that has made the news recently also known as Co cozy bear or fancy bear, but they either way,

of course, with these APT attacks, well, you don't see them every day, so it's a little bit hard

to check whether or not the signature is effective, and that's exactly where this Scapey script

will help you with, and you can easily modify it for other signatures.

And Checkpoint is reporting that they found a vulnerability in Facebook's image upload feature

...