ISC StormCast for Thursday, July 18th 2019
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 18 July 2019
⏱️ 6 minutes
| 0:00.0 | Hello, welcome to the Thursday, July 18th, 2019 edition of the SANS Internet Storm Center's Stormcast. |
| 0:08.1 | My name is Johannes Ullrich, and today I'm recording from Swindon, England. |
| 0:13.6 | Xavier did a little study of DNS text records. |
| 0:17.5 | He looked at 300,000 different text records that he had collected and looked at, |
| 0:24.8 | well, what's the content of these DNS text records? Turns out that most of them are used |
| 0:32.2 | for some variation of email filtering, like SPF records, or in some cases also to verify domain ownership. |
| 0:42.8 | But probably most interesting were exploits that Xavier found in these text records. |
| 0:49.0 | There were a couple different cross-site scripting attacks and also a SQL injection attempt. |
| 0:56.3 | This of course does target systems that will, for example, display these text records in |
| 1:02.4 | a web console or insert them into a SQL database. |
| 1:07.7 | The use of DNS to deliver exploits isn't exactly new, so this is something you definitely should be ready for if you are reading DNS text records or any DNS record automatically. |
| 1:21.6 | Host names, for example, while they're more limited in the characters they should contain are not perfectly safe. |
| 1:29.4 | And of course, you could always have someone deliver a non-standard compliant response. |
| 1:35.1 | So for a quick summary and what these exploit records were all about, just check out Xavier's |
| 1:42.4 | diary from today. |
| 1:48.0 | We're talking about Linux malware. We're usually talking about malware attacking servers, for example, via popular web application |
| 1:55.0 | vulnerabilities. So it's kind of exciting that Intezer, a security company, found desktop malware for Linux. |
| 2:04.4 | They dubbed this particular malware EvilGnome. It does come disguised as a GNOME extension. |
| 2:12.4 | The purpose of this malware appears to be essentially spyware. It has capabilities to, for example, take screenshots. |
| 2:20.3 | Also, it is able to exfiltrate newly created files. A keystroke logging facility that is part of this |
| 2:29.3 | particular malware doesn't appear to be fully finished yet, which makes Intezer believe that this |
| 2:36.4 | particular malware is still in its development stages, and it is founded on VirusTotal, |
... |

