Podcast Episodes
SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions
Episode 9528
Keylogger Data Stored in an ADS
Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs a…
8 months, 1 week ago
SANS Stormcast Monday, July 14th, 2025: Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics
Episode 9526
DShield Honeypot Log Volume Increase
Within the last few months, there has been a dramatic increase in honeypot log volumes and how often these high…
8 months, 1 week ago
SANS Stormcast Monday, July 14th, 2025: Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer
Episode 9524
Experimental Suspicious Domain Feed
Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phish…
8 months, 2 weeks ago
SANS Stormcast Friday, July 11th, 2025: SSH Tunnel; FortiWeb SQL Injection; Ruckus Unpatched Vuln; Missing Motherboard Patches
Episode 9522
SSH Tunneling in Action: direct-tcp requests
Attackers are compromising SSH servers to abuse them as relays. The attacker will configure port forwar…
8 months, 2 weeks ago
SANS Stormcast Thursday, July 10th, 2025: Internal CA with ACME; TapJacking on Android; Adobe Patches
Episode 9520
Setting up Your Own Certificate Authority for Development: Why and How.
Some tips on setting up your own internal certificate authority using the sm…
8 months, 2 weeks ago
SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opossum Attack
Episode 9518
Microsoft Patch Tuesday, July 2025
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of …
8 months, 2 weeks ago
SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams
Episode 9516
What's My File Name
Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware…
8 months, 2 weeks ago
SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs
Episode 9514
Interesting ssh/telnet usernames
Some interesting usernames observed in our honeypots
https://isc.sans.edu/diary/A%20few%20interesting%20and%20notab…
8 months, 3 weeks ago
SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; Cisco vulnerability
Episode 9512
Sudo chroot Elevation of Privilege
The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules ar…
8 months, 3 weeks ago
SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resiliency Initiative
Episode 9510
Scattered Spider Update
The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by …
8 months, 4 weeks ago