
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report
Nov 6, 2025
Discover the latest enhancements to the Domainname API, making data retrieval faster and more flexible. Dive into the alarming Microsoft Teams vulnerabilities that allow for easy impersonation and spoofing of users. Learn about the in-depth analysis of the VShell remote control implant, highlighting its functionality and detection strategies. Stay alert against unexpected internal messages with practical advice on verification. This episode is packed with critical insights for navigating today’s cybersecurity landscape.
AI Snips
Prefer The Static Domain File
- Download the static domain list if you need the complete set of newly registered domains quickly and reliably.
- Use the API pagination only when you need filtered subsets or incremental retrievals to avoid partial results.
Experimental Domain Anomaly Scores
- The domain list includes an experimental anomaly scoring system to help prioritize suspicious registrations.
- Johannes asks for feedback on the scoring to improve its usefulness.
Display Names Undermine Teams Identity
- Microsoft Teams validates an internal UUID but displays an editable display name that recipients see.
- That separation lets attackers impersonate others by changing the visible display name even without spoofing the user ID.
