SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, October 4th, 2021

SANS ISC Handlers

Tech News, News, Technology

🗓️ 4 October 2021

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. cvtres.exe Malicious Use; More Chrome Patches; Security Awareness Month; Gatekeeper Bypass;

Transcript

0:00.0

Hello, welcome to the Monday, October 4, 2021 edition of the SANS Internet Storm Center's Stormcast. My name's Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:12.9

As far as offense goes, one big trend these last few years has been Living off the Land binaries. This typically refers to finding binaries

0:23.1

that are installed on systems by default and then using them as part of some malicious

0:29.8

actions, sometimes for encoding, sometimes for downloading files. Xavier ran into a script

0:36.8

that did find yet another binary that it abused here or used, I should better say, cvtres.

0:46.3

cvtres is essentially compiling files. It's meant to convert a resource file to a COFF object. That's the common object

0:57.0

file format. Typically extension here would be .obj and then that can be linked to an actual executable.

1:05.0

So the goal from a hacker's point of view here is to load .res file, which is not necessarily on your top 10 list of

1:14.0

file types to inspect, and then convert it on the system itself using cvtres, which is installed

1:22.3

with the .NET Framework.

1:25.8

And recently we had so many zero-days in Google Chrome, meaning vulnerabilities that were exploited before a patch was available, that actually I think last week, I have to admit, I missed mentioning two of them.

1:40.9

So what I recommend is with all of these exploits out there and Google being pretty good

1:47.3

in responding to them and keeping Google Chrome up to date, once a day, why don't you just

1:53.1

open Google Chrome, type Chrome colon slash settings slash help in the URL bar, and that should get you straight to the update dialogue.

2:06.4

I sometimes find that you have to try twice; the first time you'll get an error message,

2:11.3

but the second time it usually applies the update, and that way you sort of shortcut a little bit the automatic update

2:20.8

that Google Chrome is doing anyway. Other than that, just at least once a day, close down

2:26.5

Google Chrome, start up again, that also may trigger the update. And October is Cybersecurity

2:33.7

Awareness Month.

2:34.5

Well, if you're listening to this podcast, then probably every month is Cybersecurity

2:39.7

Awareness Month for you.

2:41.5

And really the targeted audience here is more non-technical.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
