Podcast Episodes
Back to SearchSANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln
Episode 9728
AutoIT3 Compiled Scripts Dropping Shellcodes
Malicious AutoIT3 scripts are usign the FileInstall function to include additional scripts at compile…
3 months, 2 weeks ago
SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks
Episode 9726
Nation-State Attack or Compromised Government? [Guest Diary]
An IP address associated with the Indonesian Government attacked one of our interns' ho…
3 months, 3 weeks ago
SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch
Episode 9724
Attempts to Bypass CDNs
Our honeypots recently started receiving scans that included CDN specific headers.
https://isc.sans.edu/diary/Attempts%20to%…
3 months, 3 weeks ago
SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability
Episode 9722
SmartTube Android App Compromise
The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicio…
3 months, 3 weeks ago
SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext.
Episode 9720
Hunting for SharePoint In-Memory ToolShell Payloads
A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all th…
3 months, 3 weeks ago
SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity
Episode 9718
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix
The latest variant of ClickFix tricks users into copy/pasti…
3 months, 3 weeks ago
SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving
Episode 9716
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
Spyware attacks messaging applications in part by triggering vulnerabil…
4 months ago
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore
Episode 9714
Conflicts between URL mapping and URL based access control.
Mapping different URLs to the same script, and relying on URL based authentication at th…
4 months ago
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;
Episode 9712
Use of CSS stuffing as an obfuscation technique?
Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple de…
4 months ago
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.
Episode 9710
Oracle Identity Manager Exploit Observation from September (CVE-2025-61757)
We observed some exploit attempts in September against an Oracle Identit…
4 months ago