
SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9490.mp3


Quasar RAT Delivered Through Bat Files
Xavier walks you through a quick reverse analysis of a script that injects code extracted from a PNG image to implement a Quasar RAT.
https://isc.sans.edu/diary/Quasar%20RAT%20Delivered%20Through%20Bat%20Files/32036

Delayed Windows 11 24H2 Rollout
Microsoft slightly throttled the rollout of Windows 11 24H2 due to issues stemming from the Patch Tuesday fixes.
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3570

An In-Depth Analysis of CVE-2025-33073
Patch Tuesday fixed an already exploited SMB client vulnerability. A blog by Synacktiv explains the nature of the issue and how to exploit it.
https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025

Connectwise Rotating Signing Certificates
Connectwise is rotating signing certificates after a recent compromise, and will release a new version of its Screen share software soon to harden its configuration.
https://www.connectwise.com/company/trust/advisories

KDE Telnet URL Vulnerability
The Konsole delivered as part of KDE may be abused to execute arbitrary code via “telnet” URLs.
https://kde.org/info/security/advisory-20250609-1.txt
