SANS Internet Stormcast Feb 7th 2025: Unbreakable Anti-Debugging
Feb 7, 2025
Dive into advanced multilayer anti-debugging techniques crafted in Python. Discover alarming malware using OCR to steal information from both Google Play and the Apple App Store. Uncover how legitimate remote management tools like ScreenConnect are being exploited by threat actors. Stay updated on critical vulnerabilities affecting Cisco’s Identity Services Engine and authentication issues in F5’s TLS client certificates. This discussion rounds out with insights on securing remote tools against unauthorized misuse.
Unbreakable Anti-Debugging System
- Xavier analyzed a Python script with an "Unbreakable Multi-Layer Anti-Debugging System".
- It uses multiple threads and techniques like tracing checks, file overwriting, and checksum calculations.
Managing Remote Management Tools
- Control which remote management tools are installed and used.
- Monitor network protocols, as attackers often use legitimate tools like ScreenConnect or VNC.
Crypto Stealing Malware
- Malware targeting crypto wallets on iOS and Android was found.
- It uses OCR on screenshots to steal recovery phrases, often integrated within SDKs.