Hello, welcome to the Tuesday, May 29th, 2018 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Our handlers have been quite busy over the long weekend, so we have a number of diaries to talk about.

First of all, Kevin talked about the use of

ultrasound in order to either locate mobile devices. So that's, for example, used by stores

in order to detect customers and the like. And secondly, also to use it for chat applications or data exfiltration.

So there's a number of links here for various applications that either tell you how to, for example,

jam these locator applications or how to use it, for example, in a simple instant messenger application.

And DDA took a look at some malware that took advantage of the nullsoft scriptable install

system or NSIS.

Now this particular system isn't just used for malware actually a lot of normal software

uses as well and it simplifies the creation

of installers.

Now one interesting observation here from DDA is these NSIS installers, they come with

install script and turns out an old version of 7-zip is able to actually tell you what's in that install

script.

It essentially decompiles it.

Only caveat here, you have to download this old version which has its own problems,

speak vulnerabilities.

And Xavier took a look at how some word macros make it past some common antivirus systems.

Now, this of course has always been happening where you open a word document that supposedly

...