Hello and welcome to the Thursday, October 19th, 2020, 3 edition of the Sandinid Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Jesse today is going in his diary over decoding hexadecimal encoded data that is very often seen if an attacker has

access to a console but now wants to transmit a binary file over that connection.

First time I've seen this in sort of widespread use was with Mirai.

The Mirai.

The Mirai bot spread via these echo commands, just like what Jesse is describing here,

and see it a lot with all of these sort of Mirai derivatives.

They're basically an attacker is just breaking into a system, using a simple password that was set in the system,

and now needs to use the connection they have established here to the console, to the terminal, to transfer a binary file.

The methods that Jesse is going over here is using Cyber Chef.

First of all, pretty easy to do it with that. And then, well, my favorite method is basically just using XXD. That's the command line utility you find

calmly installed on Unix systems that converts hexadecimal back into binary or back. And then we got

today Oracle's quarterly critical patch update.

This is the October edition, and it fixes 387 vulnerabilities.

Of course, this large number has to be put in context of all the different products that Oracle has to offer.

A couple of highlights here, of course.

I'm not going to talk about 387 different vulnerabilities, but a lot of these

vulnerabilities are in open source Java components, and there are a couple that sort of

keep repeating like Apache Spark and

Commons collections and such that are being patched here. Some of these vulnerabilities I believe

are actually a little bit older and not really that terribly recent vulnerabilities in these

...