ISC StormCast for Monday, October 11th, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 11 October 2021
⏱️ 5 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, October 11th, 2021 edition of the Sandtonet Storm Center's Stormcast. |
| 0:08.7 | My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida. |
| 0:14.3 | He took a closer look at some of the recent exploit attempts against older Oracle WebLogic vulnerabilities. Back when these |
| 0:23.8 | vulnerabilities were originally discovered, and some of them go back to 2017, but there are also |
| 0:30.6 | some from 2019 that are still being exploited. It was, of course, a big deal given the importance of many of these |
| 0:39.0 | web logic systems. By now I question a little bit how successful these exploit attempts really are, |
| 0:46.6 | and there's really a lot of rehashing of old work here. Some of them attempt to do some obfuscation, probably in order to throw off some basic |
| 0:57.0 | signatures. For example, they're inserting long strings into the exploit string. This is sometimes |
| 1:03.2 | also done to make analysis more difficult, where, for example, a request for the next stage, |
| 1:31.0 | which is typically a shell script, has to come from a particular IP address, and that intermediate directory, what it looks like in the URL to retrieve the string, is specific for the particular source IP or may only exist for a very short amount of time in order to prevent the analysts from later downloading these scripts. |
| 1:36.5 | But regardless, most likely you're just going to get another crypto coin miner in many of these exploits. |
| 1:45.0 | And well, this weekend Rob also wrote up a quick lesson on sorting on the command |
| 1:50.5 | line in Unix, so basically your sort commands and how to use them properly, in particular |
| 1:55.9 | with IP addresses. |
| 1:57.6 | I always see people use, for example, the dash n option with IP addresses. |
| 2:04.1 | Shouldn't really do that. Use capital V, which works much better. Also, I came recently across |
| 2:11.9 | a little adventure, text adventure game that's supposed to teach you some of these basic bash commands. |
| 2:20.4 | Real neatly done, it's actually very simply done too, but certainly educational and |
| 2:25.5 | also somewhat entertaining. If you're sort of into the old style text adventure games, |
| 2:31.4 | I'll add a link to that in the show notes as well. |
| 2:36.7 | And apparently Telegram still has problems getting auto-delete to work properly. |
| 2:42.1 | The idea of auto-delete is that messages are automatically deleted for all chat participants |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.