SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, October 2nd, 2023


SANS ISC Handlers

Tech News, News, Technology


🗓️ 2 October 2023

⏱️ 5 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MIME File Analysis; Infostealer; MIME Files; EXIM Update; WS_FTP Exploit;

Transcript


0:00.0

Hello and welcome to the Monday, October 2, 2023 edition of the SANS Internet Storm Center's Stormcast.

0:08.7

My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:14.2

We got a couple of quick diaries from Friday and last weekend.

0:19.3

First, Xavier wrote about a simple NetCat backdoor.

0:24.0

And what's sort of simple about it here is that instead of re-implementing NetCat in Python,

0:31.8

all this particular Python script is doing is essentially just downloading NetCat to the system and then launching it to set up a backdoor.

0:42.5

Pretty straightforward and of course not sure if it wouldn't actually be easier kind of to set up something like this in Python, but I guess it works.

0:57.9

Secondly, Xavier also wrote about a backdoor that he saw on VirusTotal that goes hunting for passwords. What makes this useful is that

1:04.5

Xavier is also listing the files that this particular malware is looking for. So maybe you can use

1:10.5

that for something like an audit function or so, making sure you don't have any matching files on the system.

1:17.6

And if you do have, then, well, definitely make sure that they don't contain any passwords.

1:23.6

And finally, on Sunday, we got a quick post by Didier about his tool emldump.

1:31.3

This tool allows you to then dump the MIME parts.

1:36.3

What MIME types are being used in MIME files, into a JSON file.

1:41.3

So a great tool to use as part of some kind of malware analysis toolchain.

1:47.6

We got some follow-up items here for last week. First of all, I think it was Friday that I talked

1:54.6

about the Exim vulnerabilities that ZDI, the Zero Day Initiative, discovered. Well, we now have an official

2:03.3

response from the Exim developers regarding these vulnerabilities. Good news is there are some

2:11.0

mitigations and it's likely that many of the default installs are not vulnerable to some of the worse issues.

2:21.7

First of all, I pointed out like the one authentication out-of-bounds write vulnerability.

2:28.2

This was the one that can lead to code execution without actually authenticating.

2:33.9

Well, it turns out that it's only vulnerable if you offer external authentication mechanisms.

...
