Hello and welcome to the Monday, September 8, 2025 edition of the Sands and United Storm

Center's Stormcast. My name is Johannes Ulrich, recording today from New York City, New York.

And this episode is brought you by the Sands.edu credit certificate program in Purple Team Operations.

Xavier this weekend wrote a great diary to show you how to use Yara tool,

well, make it easier to analyze malware.

In Yara, of course, you can write signatures to find interesting piece of code in files.

And with that, you also get an offset for that piece of code where it shows up in the file.

The problem you have now is that as you, for example, run that code in a debugger, if you try to identify this piece of code,

well, you need to know the offset in the particular section of the PE file, typically the text

section. And that's what Xavier is explaining here, how to get all the numbers you need to actually

get the right offset in the right section.

And, well, to top it off, Xavier also wrote a little Python script to actually do most of the

work for you.

Myrist Total has a blog post where they're discussing some of the new fishing attacks that I

have seen employing SVG images.

SVG images are vector-based images, so one of the advantage of SVG is that as you increase

the size of the image, it doesn't become pixelated, but instead sort of retains all the features at the higher resolution.

The other advantage of SVG is that's an XML-based format, so it's easily embedded into a webpage.

You don't need to load a separate file, which of course makes things more efficient.

What's not so well known about SVG images is that, well, they can contain

JavaScript. You may ask, why does everything need JavaScript? Well, in this case,

SVG images need JavaScript to create interactive images. So you can change the image as

...