Hello, welcome to the Monday, October 29th, 2018 edition of the Sansanet Stormsendos Stormcast. My name is Johannes Ulrich,

and I'm recording from Denver, Colorado. We got a couple of interesting diaries to talk about from this weekend.

First one by Xavier about dissecting malicious office documents with Linux.

The trick here is to install many of the tools that are usually used on Windows on Linux.

Well, Microsoft made that a lot easier by, for example, offering PowerShell for Linux.

Also, the Mono Toolkit essentially implements. Dotnet for Linux. Also, the Mono Toolkit essentially implements dot net for Linux.

So with this, you really sort of get a little mini Windows environment together that you can then use in order to analyze Office documents.

The advantage here, of course, is that you do have a little bit more access, typically

in Linux, and also more scripting tools, more traditional scripting tools, I should say, in order

to automate some of the analysis. And did he introduce a new tool in order to deal with compressed

RTF documents? So, if you have one, then you need to analyze. Take a look. a new tool in order to deal with compressed RTF documents.

So if you have one, then you need to analyze, take a look at DDA's blog post.

And then we have a new vulnerability in System D.

This vulnerability can be exploited via a malicious DHCP V6 response.

It's a heap buffer overflow and, well, of course, can be used to execute arbitrary code as root.

Now, System D has often been criticized for trying really to do too much in one package,

configuring your network and sort of a replacement for the entire network configuration process

is really just one of the things that System D does.

It also replaces your overall startup system on Linux systems.

Sadly, we had a number of critical vulnerabilities in system in the past,

but given its central role for many Linux distributions, you can't easily turn it off

or switch to some of the older alternatives. And according to trend micro attackers

...