Podcast Detail

SANS Stormcast Thursday, September 18th, 2025: DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9618.mp3

Podcast Logo
DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches
00:00

CTRL-Z DLL Hooking
Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries.
https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294


Global Admin in every Entra ID tenant via Actor tokens
As part of September’s patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability,
Dirk-jan Mollema has published a blog post showing how this vulnerability could have been exploited.
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

WatchGuard  Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242
WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015


NVidia Triton Inference Server
NVIDIA patched critical vulnerabilities in its Triton Inference Server.
https://nvidia.custhelp.com/app/answers/detail/a_id/5691

Podcast Transcript

 Hello and welcome to the Thursday, September 18th, 2025
 edition of the SANS Internet Storm Center's Stormcast. My
 name is Johannes Ullrich, recording today from
 Jacksonville, Florida. And this episode is brought to you
 by the SANS.edu Graduate Certificate Program in
 Incident Response. Well, in diaries today, we do have
 Xavier talk about Ctrl-Z DLL hooking. The trick that Xavier
 is referring to here is, well, first of all, if you are
 reverse analyzing malware, you're trying to introduce
 breakpoints into the code where you're able to better
 analyze what's happening in particular segments of the
 code. The problem with this is that you're going to modify
 some of the code in memory by essentially, well, adding
 these software breakpoints to specific API calls. Now,
 malware has a couple different options here in order to
 bypass this. They can like, you know, check whether or not
 these breakpoints are present. That's a little bit tricky
 because they have to go through all the different
 possible API calls that you may have added these
 breakpoints to. But a simpler solution is just reloads the
 code from a disk for that particular DLL with that
 overriding any modifications that may have made after the
 DLL was loaded into memory. And that's exactly what Xavier
 illustrates here and how it is being done in a particular
 malware sample that Xavier came across. This malware
 sample appears to be some prototype, not quite finished
 yet, ransomware that's written in Python. So interesting that
 aspect as well. And it just performs this simple trick
 where it reloads the DLL in order to basically invalidate
 whatever breakpoint or other modifications an analyst may
 have made. And we got an interesting blog post by Dirk
 -Jan Mollema about a vulnerability that Dirk-Jan
 did disclose to Microsoft and which was addressed as part of
 this September's patch Tuesday. This wasn't Azure
 vulnerability. So nothing that you have to patch. Microsoft
 patched it on their end and the possibility here with this
 vulnerability was that anybody with an Azure tenant would be
 able to authenticate as any other tenant in Azure. So that
 security boundary between tenants essentially broke
 down. The problem here was something called actor tokens.
 And this is something that's sort of on the back end that
 Microsoft doesn't really disclose, talk about because
 you never really should see or interact with them. So you
 have a lot of information when one of your service is talking
 to Microsoft service. And then that Microsoft service
 internally sends a connection to another Microsoft service.
 So these service to service communications, they are
 protected with these actor tokens that essentially sort
 of carry forward any access rights and such that the
 original user had, or at least that's the idea. So that's the
 idea here. But part of the here is that the actual sort
 of signatures are being replaced. And with that, well,
 an attacker could essentially just issue a token on their
 end using their tenant claiming to be another user on
 another tenant. And, well, the actor token will just carry
 that information along without validating it properly,
 without authenticating it properly. And that basically
 then creates credentials that you can use as this other
 user. Interesting vulnerability. And, well, yet
 again, a good example on these complexities in these large
 public cloud environments that often lead to these oversight
 and great work here by Dirk-Jan actually figuring it out.
 Well, the blog post URL will be in the show notes with lots
 more details. I tried to represent what's happening
 here, but of course, there are a lot more details to it in
 the blog post. And then we got a couple of vulnerabilities to
 talk about. First off, security appliance, of course,
 and this time it's WatchGuard Firebox. It suffers from an
 out-of-bounds write vulnerability that could be
 used by an unauthenticated attacker to compromise the
 appliance. It affects the iked daemon, which, well, is
 part of IPsec VPNs. So you're only vulnerable if you
 actually have IPsec VPNs configured. So if the iked
 daemon is running and once it's running, well, then an
 attacker could launch that buffer overflow vulnerability.
 Patches have been made available. So apply them as
 quickly as you can. And then to everybody out there playing
 with AI, NVIDIA published a critical update for its Triton
 inference server. This affects the Linux and Windows version.
 There are a number of interesting vulnerabilities
 being addressed here. First of all, that's probably the
 number one vulnerability here, a remote code execution
 vulnerability. This looks like a simple OS command injection
 vulnerability that can be triggered by essentially
 setting a specific model name parameter. Try a semicolon,
 try a pipe and see what happens. And then we have a
 second vulnerability here that's not that much lower
 than the other one, but it's not considered critical. It's
 only considered high. And this is an input validation issue.
 So also exploit may lead here to code execution. Definitely
 get this updated. And this is also the system that you
 probably don't want to leave exposed to the world. Well,
 and this is it for today. So thanks for listening. Thanks
 for liking. Thanks for recommending this podcast and
 subscribing to it. And talk to you again tomorrow. Bye.