meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, December 1st 2020

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 1 December 2020

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Decrypting PowerShell; TrendMicro Vuln; WebKit Update; New Skimmer JS

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Tuesday, December 1st, 2020 edition of the Sandstone Storm Center's Stormcast.

0:08.0

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

0:13.7

First in diaries, we have a quick diary by DDA showing how to decrypt PowerShell payloadss using his tools base 64 dump and translate.

0:24.9

So what's happening here is that an attacker will encrypt the malicious power shell payload.

0:31.8

It's actually more meant to obfuscate. The key is usually delivered with the encrypted payload. And using the DA's

0:40.6

tools, it's then pretty straightforward to use this key after you extract it from the Malver

0:47.3

to decrypt the actual PowerShell payload. To make all of this as easy as possible, the DA has recorded a video

0:57.0

walking you through the entire process. And another day and yet another Pro-Hescalation

1:04.5

vulnerability in an anti-Malver product. This time, it's Trent trend micros turn and its server protect for a Linux product.

1:15.6

It suffers from a heat-based buffer overflow, and yes, it can use to arbitrary code execution,

1:22.9

but since the attacker needs to have already access to the system that the product is running on.

1:30.4

This really only leads to a privilege escalation.

1:34.2

So overall, not super critical, but something you probably want to take care of in particular

1:39.6

since it's the kind of system that's easily missed.

1:43.9

And of course one class of war on abilities that tends to is the kind of system that's easily missed.

1:51.4

And of course, one class of war on abilities that tends to be hard to sort of take control of is various software components that of course are included then in various products.

1:59.0

One example here, WebKit.

2:01.3

WebKit is a browser engine that is used by multiple browsers.

2:07.5

It's an open source project that originally was created by Apple.

2:13.7

And if you ever looked at user agent strings, you probably saw references to a WebKit in many of these user agents.

2:22.6

Now, as the Cisco's Talis team here disclosed to vulnerabilities that recently were fixed by the WebKit team,

2:32.8

both are arbitrary code execution vulnerabilities that could be

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.