SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger
Jul 28, 2025
Discover how Linux namespaces can mask networking features on a per-process basis, enhancing malware analysis. Delve into the alarming emergence of malware that exploits Microsoft’s UI Automation Framework to steal user credentials. Plus, learn about Autoswagger, a handy tool for automating REST API testing that adheres to OpenAPI standards. This episode highlights crucial security insights and the evolving tactics of cyber threats.
Episode notes
Power of Linux Namespaces
- Linux namespaces allow each process to have its own isolated view of resources like networking and filesystems.
- This isolation is useful for analyzing malware by controlling or redirecting its network activity without affecting the whole system.
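As an added example (not code from the podcast or the diary it summarizes), the following Python helper shows both halves of the point above: it reads /proc to verify which namespaces a process does not share with PID 1, and it launches a command in a fresh user+network namespace via unshare(1) so the sample sees only a down loopback and no route off the analysis host. It assumes a Linux host with util-linux's unshare installed and unprivileged user namespaces enabled; all function names are the example's own.

```python
import os
import subprocess
from typing import Dict, List, Optional

# Namespace kinds exposed under /proc/<pid>/ns on a modern Linux kernel.
NS_KINDS = ("net", "mnt", "pid", "uts", "ipc", "user")


def ns_ids(pid="self") -> Dict[str, str]:
    """Map each namespace kind to its identity link, e.g. 'net:[4026531840]'.

    Two processes share a namespace exactly when these strings are equal,
    which is how an analyst confirms a sample really is isolated.
    """
    ids: Dict[str, str] = {}
    for kind in NS_KINDS:
        try:
            ids[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:
            pass  # kind unsupported, or process gone / not readable
    return ids


def differing_namespaces(pid_a="self", pid_b=1) -> List[str]:
    """Namespace kinds in which pid_a is isolated from pid_b (PID 1 by default)."""
    a, b = ns_ids(pid_a), ns_ids(pid_b)
    return sorted(k for k in NS_KINDS if k in a and k in b and a[k] != b[k])


def run_in_private_netns(argv: List[str], timeout: int = 30) -> Optional[subprocess.CompletedProcess]:
    """Run argv in a fresh user+network namespace via unshare(1).

    --map-root-user creates a user namespace (so no real root is needed) and
    --net gives the child an empty network stack: only a loopback that is down,
    so every connect() the sample attempts fails immediately.
    Returns None when unshare(1) is missing or the command hangs.
    """
    cmd = ["unshare", "--map-root-user", "--net", "--"] + argv
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None


def child_netns_is_private() -> Optional[bool]:
    """True if a child started by run_in_private_netns got its own net namespace.

    Returns None when isolation could not be attempted on this host
    (unshare absent, or the kernel refused the user namespace).
    """
    res = run_in_private_netns(["readlink", "/proc/self/ns/net"])
    if res is None or res.returncode != 0:
        return None
    return res.stdout.strip() != ns_ids()["net"]


if __name__ == "__main__":
    print("this process is isolated from PID 1 in:", differing_namespaces())
    print("child received a private net namespace:", child_netns_is_private())
```

Before detonating a sample, compare its namespace links against PID 1 the same way to confirm the isolation took effect rather than trusting the launcher.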
Malware Abusing UI Automation
- Malware now abuses Microsoft UI Automation to programmatically interact with user interfaces and steal credentials.
- This expands attacker capabilities beyond traditional browser plugin methods, making attacks more versatile.
Monitor UI Automation DLL
- Monitor which processes load UIAutomationCore.dll, the library behind the UI Automation framework, to detect malicious UI automation activity.
- Pay attention to software that interacts with this DLL, since attackers abuse UI automation for credential theft.