Understanding Social Engineering Threats and Web Vulnerabilities

In this episode, we talk about downloading and analyzing partial ZIP files, how legitimate remote access tools are used in recent compromises and how a research found an SSRF vulnerability in Azure DevOps
Partial ZIP File Downloads
A closer look at how attackers are leveraging partial ZIP file downloads to bypass file verification systems and plant malicious content.
https://isc.sans.edu/diary/Partial%20ZIP%20File%20Downloads/31608
Ukrainian CERT Advisory on AnyDesk Threat
The Ukrainian CERT provides detailed guidance on identifying and mitigating recent cyber threats exploiting AnyDesk for unauthorized access.
https://cert.gov.ua/article/6282069
Finding SSRFs in Azure DevOps
An in-depth analysis of how server-side request forgery (SSRF) vulnerabilities are discovered and exploited in Azure DevOps pipelines.
https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops