Hello, welcome to the Thursday, April 4th, 2019 edition of the Sansanet Stormsendors Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Today we got a diary by Jim, one of our handlers who is into reverse analysis of malware.

He's actually also teaching a science class about this, and his diary is about how

hydra the tool that the NSA recently released compares to IDA, which is probably the most

common tool that people use these days in order to reverse

malware.

He will actually make a little bit serious out of these posts.

In this first one, he's talking about how to get Hydra to provide you with some of the

details regarding Windows API calls, which is a feature that Jim likes a lot

in IDA. And yes, you can have Hydra do similar things. And of course, it's less than two weeks

to the final tax filing deadline in the US. And this year, according to some

reports, the tax filing season is going to be a little bit more confusing and painful for a lot

of people due to all the changes in the tax code last year. So no surprise, the bad guys are trying to capitalize on this. As usual,

there is a good uptick in IRS and tax-related phishing emails. ProofPoint has a nice collection

of various fishing emails that they have seen. They also round out the list of examples with some non-US based fishing attempts.

So some for Canadian tax authorities, French, I think I've seen some, and British.

This is of course an international problem with fishing and you'll probably find some good

material in this proof point post to include in your own awareness presentations.

Now talking about security awareness, the Sands Securing the Human Project came out with its

monthly Oach newsletter.

This is again the newsletter that you can share with your less technical friends and colleagues.

...