Hello and welcome to the Monday, December 22nd, 2025 edition of the Sands

United Storm Sunners Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

And this episode is brought you by the sands.edu, create the certificate program in cybersecurity leadership.

In Diaries this weekend, we had one by DDIH,

that's a follow-up to one last week from Xavi.

Xavi wrote about DLL entry points.

Now, what the Didi is writing here about is TLS.

When I saw at first, I thought, well, must be something encryption related.

No, TLS here stands for threat local storage.

And that's essentially some environment variables and such that can be passed to the particular

executable that are kept locally for that executable.

DDA explains how usually this is used for like no, full-blown executables,

but DDA did then some tests with DLs.

And since DLs are really just PE files, well, it works there as well and can be used

to execute code before the main function actually executes.

So that is easily then overlooked when you're doing some static analysis of malicious code.

Interesting post and again, if you're doing reverse analysis of Windows malware,

definitely worth the read. And then we do have what I would probably consider a critical

vulnerability in free BSD. The problem here is that an attacker who is connected to the same

network as the victim may be able to accomplish arbitrary code

execution. The problem here are IPV6 router advertisements and your system, your free BSD system

as other operating systems will likely listen for these router advertisements even if you

...