DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF
SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

Update: 2025-01-21
Share

Description

In this episode, we talk about downloading and analyzing partial ZIP files, how legitimate remote access tools are used in recent compromises and how a research found an SSRF vulnerability in Azure DevOps

Partial ZIP File Downloads

A closer look at how attackers are leveraging partial ZIP file downloads to bypass file verification systems and plant malicious content.

https://isc.sans.edu/diary/Partial%20ZIP%20File%20Downloads/31608

Ukrainian CERT Advisory on AnyDesk Threat

The Ukrainian CERT provides detailed guidance on identifying and mitigating recent cyber threats exploiting AnyDesk for unauthorized access.

https://cert.gov.ua/article/6282069

Finding SSRFs in Azure DevOps

An in-depth analysis of how server-side request forgery (SSRF) vulnerabilities are discovered and exploited in Azure DevOps pipelines.

https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops
Comments 
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code

2025-01-2906:07

SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches

SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches

2025-01-2806:14

SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak

SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak

2025-01-2706:28

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo)

SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo)

2025-01-2414:45

SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance

SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance

2025-01-2207:49

SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing

SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing

2025-01-2209:16

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

2025-01-2106:20

SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities

SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities

2025-01-2003:24

SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu)

SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu)

2025-01-1712:50

SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know

SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know

2025-01-1609:02

SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches

SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches

2025-01-1507:48

SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics

SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics

2025-01-1307:51

SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more

SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more

2025-01-1306:43

SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024

SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024

2025-01-1007:19

SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems

SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems

2025-01-0906:04

SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark

SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark

2025-01-0806:39

ISC StormCast for Tuesday, January 7th, 2025

ISC StormCast for Tuesday, January 7th, 2025

2025-01-0704:52

ISC StormCast for Monday, January 6th, 2025

ISC StormCast for Monday, January 6th, 2025

2025-01-0608:17

ISC StormCast for Friday, December 20th, 2024

ISC StormCast for Friday, December 20th, 2024

2024-12-2005:59

ISC StormCast for Thursday, December 19th, 2024

ISC StormCast for Thursday, December 19th, 2024

2024-12-1907:05

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF

Dr. Johannes B. Ullrich