

SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivanti and Sophos Patches; Apple Memory Integrity Feature
Sep 11, 2025
Explore the intriguing use of base64 encoding in DNS and its implications for security, particularly for botnets. Discover critical vulnerabilities recently patched in Google Chrome, Ivanti, and Sophos that could allow remote code execution and authentication bypass. Additionally, learn about Apple's new memory integrity enforcement feature designed to bolster device security against spyware and enhance developer tools. Stay informed about the latest in cybersecurity threats and solutions!
AI Snips
Base64 Over DNS Example
- Didier found base64-encoded commands returned over DNS, including characters like '/' and '=', which normally aren't allowed in hostnames.
- NSLookup and some implementations still accept those characters, demonstrating practical protocol leniency.
Don't Trust DNS Content
- DNS can return characters outside the valid hostname set, so you cannot assume DNS responses are always well-formed.
- Treat DNS input like any external data source and validate or sanitize before use.
Validate External Responses
- Validate and sanitize all content returned from external systems, including DNS and Whois, before using it in your applications.
- Assume attackers can embed SQLi or XSS payloads in any external response and code defensively.
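
One way to apply the validation advice above, as an added example that is not from the episode: a Python check of names returned in DNS answers against the letters-digits-hyphen hostname rule, with HTML escaping before anything rejected is displayed. The function names and the sample answers are constructed for illustration.

```python
import html
import re

# One DNS label under the LDH hostname rule (RFC 952 / RFC 1123): letters,
# digits and hyphens, 1-63 characters, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
MAX_NAME_LEN = 253


def hostname_violations(name):
    """Return the reasons `name` is not a valid hostname (empty list = valid)."""
    if not isinstance(name, str) or not name:
        return ["empty or non-string value"]
    problems = []
    stripped = name[:-1] if name.endswith(".") else name  # allow trailing root dot
    if len(stripped) > MAX_NAME_LEN:
        problems.append("name longer than 253 characters")
    for label in stripped.split("."):
        if not _LABEL.fullmatch(label):
            bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
            if bad:
                detail = "illegal characters " + repr("".join(bad))
            else:
                detail = "bad length or hyphen placement"
            problems.append(f"label {label!r}: {detail}")
    return problems


def render_hostname(name):
    """Return HTML-safe text for a name that came back from a DNS lookup."""
    if hostname_violations(name):
        # Never echo the raw value: show an escaped copy marked as rejected.
        return "[invalid hostname: " + html.escape(name, quote=True) + "]"
    return name.lower()


# Constructed sample answers (for example CNAME or PTR targets); not real data.
SAMPLES = [
    "mail.example.com.",
    "aGVsbG8=.example.com",                   # base64 padding '=' in a label
    "a/b+c=.example.com",                     # '/' and '+' from the base64 alphabet
    "<script>alert(1)</script>.example.com",  # markup embedded in a name
    "-bad-.example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", hostname_violations(sample) or "ok")
```

The same allow-list approach applies to Whois and other external responses: decide what a well-formed value looks like for the field, reject the rest, and escape for the output context (HTML here, parameterized queries for SQL).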