Hello and welcome to the Tuesday, February 10th, 2026 edition of the Sands and at Storm Turner's

Stormcast. My name's Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu crash certificate program in penetration testing and ethical hacking.

And today, 17 years ago, was, well, the first episode of this podcast.

Since then, according to my counting, but it's probably not accurate with re-recordings and stuff like this.

We published 4,160 individual episodes,

a few days' worth of audio material. And just, well, to celebrate this a little bit,

if you were born after February 9, 2009, well, drop me an email and I'll have some stickers for you.

Or just interesting to hear how many listeners are actually younger than the podcast itself.

And DDA has a diary today about an update and, well, a way to better use his famous document analysis tools to extract

URLs from RTF documents. And as an example, DDA here has a malicious document that's

based on a basic fishing email that came with an RTF attachment. Extracting URLs is always super useful because, well, that's often in the next step

that the attacker is trying to pursue.

And of course, we had last week this story about, well, malformed URLs.

And that certainly fits in here, too, that you're also been able to extract some of these

malformed URLs that may not necessarily quite match standard patterns, but are still effective.

And we got, well, a new blog post by Watchtower with details regarding the latest vulnerability

in Ivanti's endpoint manager mobile.

That product, always good for easy-to-exploit vulnerabilities,

and this is not so different here.

Now, it took watchtower a little bit time here to actually walk through all the code,

but in the end, it turns out to be a fairly straightforward OS command injection vulnerability.

...