Hello and welcome to the Wednesday, May 3, 2023 edition of the Sands and its Storms anders Stormcast.

My name is Johannes Ulrich and today I am recording from Jacksonville, Florida.

The day today wrote a diary about how to use his Olli dump tool to extract project references from Visual Basic for Application

Project files.

Everything you really need to sort of extract them is already in the tool.

You can identify the stream.

You can then decompress the stream.

And to make things easier, DDE even wrote a plugin that allows you to pretty much automate all of this.

Now, in addition to the project references that can be found in the DIR stream,

that's sort of what DDA shows you here how to extract.

There is also a compiled version of this in the performance cache. That's something that you sadly can't extract yet with DDA's tool.

That's just because, well, the format isn't documented and also this performance cache is somewhat optional. However,

DDA still shows you how to extract strings from the performance cache to see if you see anything

unexpected that you didn't see in the other project references. So certainly mandatory

reading if you are regularly analyzing VBA documents.

And Forkscout wrote a blog post about some newly discovered vulnerabilities in the Free Range

Routing Project. Free Range Routing Project is an open source implementation of routing

protocols, in particular

BGP.

If you're a bit more old-fashioned like myself, you may recognize the name Quagga and F-R routing

was forked from Quagga a few years ago.

Now like a lot of open source networking software, FR, finds itself in a number of commercial products as well.

...