
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats
Feb 16, 2026
Discussion of an AI-powered knowledge graph tool that maps APT indicators and relationships. A DNS-based ClickFix variant that uses nslookup and custom CNAME responses for PowerShell retrieval. A Google Chrome zero-day fix and the importance of timely updates. Security risks from misconfigured TURN servers that can proxy and abuse traffic.
AI Snips
AI Builds Actionable Threat Graphs
- AI tools can extract indicators from unstructured threat reports and build relationship graphs automatically.
- These graphs help find common attack sources and support attribution at scale.
ClickFix Variant Using NSLookup
- Microsoft described a ClickFix variant that tricks victims into copying a string and running it in a command prompt.
- The campaign retrieves a next-stage PowerShell payload via an unusual NSLookup sequence.
Prevent Malicious NSLookup Payloads
- Block or monitor DNS queries to unauthorized recursive servers to stop this NSLookup-based payload retrieval.
- Alert on odd CNAME responses and long, unusual hostnames used in lookups.
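
The two detection ideas above, as an added example that is not from the podcast or from Microsoft's write-up: a log check that flags lookups sent to resolvers outside an allowlist and long or random-looking names in queries and CNAME answers. The log layout, resolver allowlist, thresholds and sample records are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumptions for this example: resolver allowlist, thresholds and log layout.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
MAX_NAME_LEN = 60        # total hostname length treated as unusual
MAX_LABEL_LEN = 30       # single-label length treated as unusual
MIN_LABEL_ENTROPY = 3.5  # bits per char, applied only to labels of 16+ chars

# Constructed sample records: time client resolver qname rtype answer
SAMPLE_LOG = """\
2026-02-16T09:00:01Z 10.0.5.21 10.0.0.53 intranet.corp.example A 10.0.9.4
2026-02-16T09:00:07Z 10.0.5.21 10.0.0.53 www.corp.example CNAME web01.corp.example
2026-02-16T09:01:12Z 10.0.5.44 203.0.113.77 lookup.test.example CNAME k7x2q9m4z1w8c5v3b6n0j2h4g8d1f5s3a9p7.test.example
2026-02-16T09:02:30Z 10.0.5.44 10.0.1.53 a8f3k2m9x7q1z5w4c6v0.test.example A 198.51.100.9
"""

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def odd_name(name):
    """Return a reason string if the hostname looks long or random, else None."""
    name = name.rstrip(".")
    if len(name) > MAX_NAME_LEN:
        return f"name length {len(name)}"
    for label in name.split("."):
        if len(label) > MAX_LABEL_LEN:
            return f"label length {len(label)}"
        if len(label) >= 16 and entropy(label) >= MIN_LABEL_ENTROPY:
            return f"high-entropy label {label[:12]}..."
    return None

def analyze(log_text):
    """Return (line_no, [reasons]) for every record that trips a rule."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        _ts, _client, resolver, qname, rtype, answer = line.split()
        reasons = []
        if resolver not in APPROVED_RESOLVERS:
            reasons.append(f"unauthorized resolver {resolver}")
        if (why := odd_name(qname)):
            reasons.append(f"query: {why}")
        if rtype == "CNAME" and (why := odd_name(answer)):
            reasons.append(f"CNAME target: {why}")
        if reasons:
            findings.append((n, reasons))
    return findings
```

The thresholds are starting points and need tuning against a baseline of normal lookups, since CDN and cloud hostnames can legitimately carry long labels.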
