Hello and welcome to the Tuesday, June 6, 2020,

edition of the Sansonet Stormsendors Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today we got a guest diary by Gephard.

The Gephard looked into how to quickly decrypt archives like zip files that may contain malicious

content.

Of course, this is something that's not new.

We have seen this a lot where email attachments arrive as an encrypted zip file.

The password is often in the email or maybe an image.

But sometimes it may also be something that a victim downloaded from a website and the password was displayed on that website, but

now you no longer have access to it. So it may be necessary to relatively quickly decrypt

this SIP file by just brute forcing it. There are dedicated tools

to this very quickly. The solution that Gephardt came up with distinguished itself by basically

being implemented in a simple bash script. Of course, the advantages you don't need to install or even purchase any specific software.

It's not the fastest way to brute force passwords.

But overall, if you consider a time it would take to acquire and configure and actually learn how to use a particular piece of software,

this may be the overall simpler and quicker way of doing it.

And we got an update for KeyPass. KeyPass, the password manager, I mentioned it a week or so ago,

had a vulnerability where the password, the master passphrase used to unlock a key pass, could be retrieved from memory.

This was in part due to the way how the passphrase dialogue was displayed.

So this was fixed now.

CVE 2023, 32784.

...