Episode 9720
Hunting for SharePoint In-Memory ToolShell Payloads
A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands.
ht…
Published on 2 weeks ago
Episode 9718
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix
The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of de…
Published on 2 weeks, 1 day ago
Episode 9716
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploy…
Published on 2 weeks, 6 days ago
Episode 9714
Conflicts between URL mapping and URL based access control.
Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication …
Published on 3 weeks ago
Episode 9712
Use of CSS stuffing as an obfuscation technique?
Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw off simple detection engines.
https://isc.sans.edu/diary/Use%20o…
Published on 3 weeks, 1 day ago
Episode 9710
Oracle Identity Manager Exploit Observation from September (CVE-2025-61757)
We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in Octobe…
Published on 3 weeks, 4 days ago
Episode 9708
Unicode: It is more than funny domain names.
Unicode can cause a number of issues due to odd features like variation selectors and text direction issues.
https://isc.sans.edu/diary/Unicode%3A%20It%20…
Published on 3 weeks, 5 days ago
Episode 9706
KongTuke Activity
This diary investigates how a recent KongTuke infection evolved, starting with a ClickFix attack.
https://isc.sans.edu/diary/KongTuke%20activity/32498
Cloudflare …
Published on 3 weeks, 6 days ago
Episode 9704
Decoding Binary Numeric Expressions
Didier updated his number-to-hex script to support simple arithmetic operations in the text.
https://isc.sans.edu/diary/Decoding%20Binary%20Numeric%20Expressions/…
Published on 4 weeks ago
Episode 9702
FortiWeb Vulnerability
Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly.
https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE2025…
Published on 4 weeks, 1 day ago