Hello and welcome to the Monday, October 23rd, 2003 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Anybody who has ever touched malware reverse engineering probably knows how useful some of DDA's tools are to accomplish that.

One of the tools that he created is base 64 dump.py.

Now, this tool, of course, as the name implies, was initially created to decode base 64 data

that was sort of found in matter samples and other files.

Well, as the DEA reminds us today, it can actually do a whole lot more, like, for example,

decode a number of hex encodings and the like net bias encodings with like upper lowercase and such.

So if you're interested in some of these advanced features of Bay 64 dump,

well, take a look at DDA's diary where he goes over some of these features.

Now probably I have neglected a little bit talking about some noteworthy bug bounty write-ups.

One of the nice things about buck bounties is that the discoverer then writes up the process,

how they found a certain vulnerability, and what the root cause of the issue was.

Nice example of vulnerability in the harvest app and related to

OAuth tokens particular Microsoft account ORAT tokens one problem with OAuth is as the

client connects to the authentication server in this case Microsoft, it will supply a redirect

URL that's then being used to redirect the user back to the original application, asking for

the Oath credentials. The problem here is, well, that redirect will also include the credentials.

And if an attacker is able to provide malicious redirect, then the credentials are first being sent

to the attacker's website, which of course could steal them. Now, this is prevented usually by limiting the URLs

that the redirect can point to, typically limited kind of to the host name, sometimes a little bit

more specific of the particular app that uses the credentials. But if that particular website now does have within the scope of allowed

...