Hello, welcome to the Thursday, October 25th, 2018 edition of the Sansonet Stormenters Stormcast. My name is Johannes Ulrich.

And today I'm recording from Denver, Colorado. Yesterday, Xavier analyzed Malware. Remember the one I talked about with the decoy image? Well, it ended up running a bunch of auto IT scripts.

Auto IT is a simple freeware language, similar to basic,

and today Xavier is talking a little bit about how to reverse auto IT scripts.

So typically this scripting language is used to automate various tasks on systems, and

well, that's what Malware is really taking advantage of in automating things like downloading

and installing additional malicious files.

The particular auto IT script that Xavier looked at yesterday did have a number

of sort of obfuscation features that they made it more difficult to reverse it. So today

Xavier is going over some of these obfuscation techniques and how to reverse auto IT scripts

despite these techniques.

And well, if you're running ArcServe Unified Data Protection, you have an update waiting for you

that you should apply after Digital Defense did announce that they found four different

vulnerabilities that are being addressed by this

latest update. The vulnerabilities affect various web services and points of the Unified Data

Protection product and they include the disclosure of sensitive information, also an unauthenticated

XML external entity vulnerability.

Even though people keep saying that XML, well, it's no longer done, it's now all JSON and

rest, well, there's plenty of XML still out there, and XML external energy attacks are certainly

something that's still very much sort of on the map.

Finally, there is also a reflective cross-sad scripting vulnerability that, of course, could

easily be leveraged, for example, as part of a fishing attack.

...