Hello and welcome to the Thursday, January 29th, 2006 edition of the Sands and the

Storm Center's Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu undergraduate certificate program in cyber security fundamentals.

Last week, Oracle published its quality critical patch update, and with that, we also got a patch for WebLogic.

That patch, I think I pointed out when it was released, wasn't so far noteworthy that first of all, WebLogic. That patch, I think I pointed out when it was released, wasn't so far noteworthy

that first of all, WebLogic has been exploited many times in the past, and secondly, it

got a CVSS score of 10, so a perfect score here for possible exploit attractiveness, I guess.

I should say because compromising web logic using this particular vulnerability

could lead to a complete system compromise.

So with an exploit like this, I'm usually periodically kind of trying to find

an exploit

attempts in our Honeypot logs and did see one in our logs, but this particular

exploit attempt didn't really make much sense. It had sort of all the parts that you may

expect in an exploit like this, but it was highly unlikely that, well, the vulnerability was as trivial as suggested by this exploit.

So doing a little bit further digging, apparently, at the time when the vulnerability was disclosed by Oracle,

someone published a GitHub repository with what looks like

AI generated exploit that apparently doesn't work at all. And we are now seeing this exploit

being used against basically arbitrary hosts. It's not just being sent against WebLogic,

but really just random hosts.

And, well, I guess to some extent, nice if attackers are wasting the time with AI slob like this.

But on the other hand, what's really happening here is that both defenders and attackers are using AI trying to speed up their development process,

either of signatures or of attack scripts like what we saw here.

...