Podcast Episodes
Back to SearchSANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivantii and Sophos Patches; Apple Memory Integrity Feature
Episode 9608
BASE64 Over DNS
The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid charact…
6 months, 2 weeks ago
SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday;
Episode 9606
Microsoft Patch Tuesday
As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft prod…
6 months, 2 weeks ago
SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature
Episode 9604
Major npm compromise
A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected li…
6 months, 2 weeks ago
SANS Stormcast Monday, September 8th, 2025: YARA to Debugger Offsets; SVG JavaScript Phishing; FreePBX Patches;
Episode 9602
From YARA Offsets to Virtual Addresses
Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers.
htt…
6 months, 2 weeks ago
SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption
Episode 9600
Unauthorized Issuance of Certificate for 1.1.1.1
Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was i…
6 months, 3 weeks ago
SANS Stormcast Thursday, September 4th, 2025: Dassault DELMIA Apriso Exploit Attempts; Android Updates; 1.1.1.1 Certificate Issued
Episode 9598
Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086
Our honeypots detected attacks against the manufacturing management system DELMIA Apriso.…
6 months, 3 weeks ago
SANS Stormcast Wednesday, September 3rd, 2025: Sextortiion Analysis; Covert Channel DNS/ICMP; Azure AD Secret Theft; Official FreePBX Patches
Episode 9596
A Quick Look at Sextortion at Scale
Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the success rat…
6 months, 3 weeks ago
SANS Stormcast Tuesday, September 2nd, 2025: pdf-parser Patch; Salesloft Compromise; Velociraptor Abuse; NeuVector Default Password
Episode 9594
pdf-parser: All Streams
Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams.
https://isc.…
6 months, 3 weeks ago
SANS Stormcast Friday, August 29th, 2025: Scans for ZIP Files; FreePBX 0-Day; Passwordstate Patch
Episode 9592
Increasing Searches for ZIP Files
Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential file…
6 months, 3 weeks ago
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report
Episode 9590
Interesting Technique to Launch a Shellcode
Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code.
https://isc.san…
6 months, 3 weeks ago