Hello and welcome to the Tuesday, January 7th, 2025 edition of the Santonet Storm Center's Stormcast.

My name is Johannes Ulrich.

I'm recording from Jacksonville, Florida.

Keeping Malaver happy, this was the title of Xavier's diary today.

Now, keeping Malver happy for a reverse analyst like Xavier

means keeping it running in an environment that doesn't give away that it's being analyzed.

And he is going over a couple of ways how Malver detects,

whether or not it's running in some

kind of debugger or analysis environment. For example, whether or not outer space layout

randomization or ASLR is enabled. That often matters how the Malver behaves. So the reason this

matters is you need to set up a correct environment to get

correct results as you are running the malware. Running the malware, of course, is often the easiest

way to get a quick impression of what the malware is up to. And Xavier will walk you through some of the tricks that he employs in order to keep

Malver happy. In vulnerabilities, we do have vulnerability in the nuclear vulnerability scanner.

Vulnerability scanners, of course, often need access to systems in order to scan systems using host-based scripts for vulnerabilities.

Well, sadly, in nuclear vulnerability in how the templates that are controlling nuclei are being parsed

can be used to execute arbitrary code, which is the feature of nuclei in some ways, but of course

you want to restrict it to only authorized users, which isn't the case here due to this

vulnerability. What should you do? Well, update, that's really it. And whenever you're dealing

with templates like this, make sure you are using templates from trusted sources.

Ultimately, you are giving these templates access.

So if you're installing a malicious template,

...