

SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy
Apr 18, 2025
Discover how to set up a malware analysis environment in the cloud with Remnux. Dive into a critical vulnerability in the Erlang/OTP SSH library that opens doors to remote code execution. Uncover the resurgence of the Brickstorm backdoor affecting both Linux and Windows systems. Lastly, explore the controversy surrounding OpenAI's GPT 4.1 release, which stirred concerns due to the absence of safety measures against potential malware creation.
AI Snips
Beginner Malware Analysis Setup
- Jacob Kleykamp described his beginner-friendly setup of a cloud-based malware analysis environment built on Remnux and Kasm.
- He ran it on AWS free-tier instances, using containers to keep the analysis isolated from his local network and easy to reset to a clean state.
Critical Erlang/OTP SSH Vulnerability
- A critical vulnerability in the Erlang/OTP SSH library allows unauthenticated remote code execution and is rated CVSS 10.0.
- The server processes SSH connection-protocol messages before the client has authenticated, so an attacker with network access to the SSH port can have commands executed; Erlang/OTP is widely used in telecom equipment, which makes network devices a particular concern.
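The bug class the episode describes is a state-machine failure: the server acts on connection-protocol messages (channel open, exec requests) whether or not user authentication ever succeeded. The Python below is an added illustration written for this page, not Erlang/OTP's SSH implementation. Message numbers and wire encodings are taken from RFC 4251/4252/4253/4254; the credential store, the command `id`, and the `gate_preauth` switch are constructed for the demo. Real remediation is to update OTP; this only shows what the missing check looks like.

```python
import struct

# Message numbers from RFC 4253 (transport), RFC 4252 (userauth) and RFC 4254
# (connection protocol). Protocol constants, not values taken from the page.
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98
FIRST_CONNECTION_MSG = 80  # RFC 4251 section 7: 80..127 are connection-protocol messages


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string' (uint32 length prefix, RFC 4251 section 5)."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; returns (value, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def userauth_password(user: bytes, password: bytes) -> bytes:
    """SSH_MSG_USERAUTH_REQUEST with method 'password' (RFC 4252 section 8)."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user)
            + ssh_string(b"ssh-connection") + ssh_string(b"password")
            + b"\x00" + ssh_string(password))


def channel_open_session(sender_channel: int) -> bytes:
    """SSH_MSG_CHANNEL_OPEN for a 'session' channel (RFC 4254 section 5.1)."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(b"session")
            + struct.pack(">III", sender_channel, 2097152, 32768))


def channel_request_exec(recipient_channel: int, command: bytes) -> bytes:
    """SSH_MSG_CHANNEL_REQUEST 'exec' (RFC 4254 section 6.5)."""
    return (bytes([SSH_MSG_CHANNEL_REQUEST]) + struct.pack(">I", recipient_channel)
            + ssh_string(b"exec") + b"\x01" + ssh_string(command))


class SshServerState:
    """Toy server-side dispatcher. gate_preauth=False reproduces the bug class
    from the episode: connection-protocol messages are acted on whether or not
    the client ever authenticated. The toy uses one channel-number space for
    both sides to keep the example short."""

    CREDENTIALS = {b"admin": b"hunter2"}  # constructed credential store for the demo

    def __init__(self, gate_preauth: bool):
        self.gate_preauth = gate_preauth
        self.authenticated = False
        self.open_channels = set()
        self.executed = []

    def handle(self, payload: bytes) -> str:
        msg = payload[0]
        # The fix: refuse the whole connection-protocol range until auth succeeded.
        if self.gate_preauth and msg >= FIRST_CONNECTION_MSG and not self.authenticated:
            return "disconnect"
        if msg == SSH_MSG_USERAUTH_REQUEST:
            user, off = read_string(payload, 1)
            _service, off = read_string(payload, off)
            method, off = read_string(payload, off)
            if method == b"password":
                password, _ = read_string(payload, off + 1)  # skip boolean FALSE
                self.authenticated = self.CREDENTIALS.get(user) == password
            return "userauth-success" if self.authenticated else "userauth-failure"
        if msg == SSH_MSG_CHANNEL_OPEN:
            _kind, off = read_string(payload, 1)
            (sender,) = struct.unpack_from(">I", payload, off)
            self.open_channels.add(sender)
            return "channel-open-confirmation"
        if msg == SSH_MSG_CHANNEL_REQUEST:
            (channel,) = struct.unpack_from(">I", payload, 1)
            req, off = read_string(payload, 5)
            if req == b"exec" and channel in self.open_channels:
                command, _ = read_string(payload, off + 1)  # skip want_reply
                self.executed.append(command)  # a real server would spawn it
                return "channel-success"
            return "channel-failure"
        return "unimplemented"


def preauth_exec_attempt(gate_preauth: bool):
    """No authentication at all: open a session channel, then ask for exec.
    Returns the reply to the exec request and what the server actually ran."""
    server = SshServerState(gate_preauth)
    server.handle(channel_open_session(0))
    reply = server.handle(channel_request_exec(0, b"id"))
    return reply, server.executed


def authenticated_exec(gate_preauth: bool):
    """Same sequence after a valid password login: the gate must not break it."""
    server = SshServerState(gate_preauth)
    server.handle(userauth_password(b"admin", b"hunter2"))
    server.handle(channel_open_session(0))
    reply = server.handle(channel_request_exec(0, b"id"))
    return reply, server.executed


if __name__ == "__main__":
    print("ungated, no auth:", preauth_exec_attempt(False))
    print("gated, no auth:  ", preauth_exec_attempt(True))
    print("gated, after auth:", authenticated_exec(True))
```

The check is deliberately a range test on the message number rather than a per-message special case: any message in the 80..127 connection-protocol range is meaningless before `SSH_MSG_USERAUTH_SUCCESS`, so gating the whole range closes the exec path without having to enumerate every request type.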
Brickstorm Backdoor's Evasive Tactics
- The Brickstorm backdoor, previously seen only on Linux, now has a Windows variant; it deliberately omits a command-execution capability, which removes a behavior many detection tools key on.
- It instead offers file access and network tunneling, so operators pivot to other hosts over RDP through the implant, with command-and-control traffic routed via Cloudflare Workers.