SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, December 15th 2016


SANS ISC Handlers

News, Tech News


🗓️ 15 December 2016

⏱️ 5 minutes


Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #UAC Bypass JScript Dropper; Skype Desktop API Access; FB Cert. Transp. Monitor

Transcript


0:00.0

Hello and welcome to the Thursday, December 15th, 2016 edition of the SANS Internet Storm Center's Stormcast.

0:07.5

My name is Johannes Ullrich, and I am recording from Washington, D.C.

0:11.9

Xavier looked at an interesting JavaScript sample that a user submitted. This particular exploit

0:19.7

abuses an interesting feature in the Event Viewer, which is a tool in Windows to look at log events.

0:28.6

Well, in this case, actually, it is abused in order to bypass UAC.

0:33.6

All you have to do is you have to write the script that you would like the Event Viewer to execute in the right registry key, and, well, Event Viewer will execute this script without actually triggering UAC, and the script will run with high privileges. As far as I can tell, this particular method to bypass

0:56.1

UAC was first described back in August. So interesting to see this now in relatively common

1:05.1

malware. And Trustwave released an advisory describing a desktop API in Skype as a backdoor because, well,

1:15.1

instead of authenticating to the API as you typically would have to do as a desktop program

1:22.8

can be bypassed by just naming the client correctly as Skype Dashboard Widget plugin.

1:30.3

Describing that as a backdoor, I think, is a little bit of a stretch. It is a desktop API that allows other software running on the same system to access Skype.

1:43.3

Makes it easier to do so, but I think actually without the API,

1:47.0

you probably could gain access in this situation to things like messages

1:53.0

or audio being sent to Skype.

1:57.0

You are just forgoing the warning to the user that you're going to do this.

2:02.4

Microsoft, on the other hand, announced that they're actually going to remove this API,

2:08.0

no longer going to support it.

2:10.2

Of course, at this point, it's sort of just being phased out.

2:14.6

I've already talked about certificate transparency a few times on this podcast. Certificate

2:20.3

transparency is a process where certificate authorities are publishing information about certificates

2:27.7

that they are issuing. The idea behind these logs is that you can search these logs and then figure out if someone is trying to obtain a certificate for a domain name that you are controlling.

2:43.5

Now, up to now, there were a couple of sites that allowed you to search these logs, but there wasn't really anything simple and free that would allow you to

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
