
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers
Mar 3, 2026

A walkthrough of how attackers hide ZIPs inside RTF files and where to find the embedded URLs. A look at Merkle tree certificates as a compact alternative to bulky quantum-safe TLS certs and how Cloudflare and Google plan rollouts. An alert about a Chrome issue where extension access to a new Gemini panel could expose camera and mic, and the wider risks from browser AI features.
Extract URLs From ZIPs Embedded In RTF
- Investigate compound documents when analyzing suspicious files.
- Didier’s how-to shows extracting a ZIP embedded inside an RTF and then pulling URLs from the nested DOCX to find potential exploit hosts.
Public Example Linked To February Microsoft Exploit
- A real-world exploit used the technique Didier demonstrated.
- A commenter noted Akamai covered the same document exploiting a Microsoft vulnerability patched in February.
Merkle Tree Certificates Shrink Quantum-Safe Handshakes
- Quantum-safe certificates and signatures are far larger than current ones and can break TLS handshakes.
- Merkle tree certificates let servers send compact existence proofs instead of full bulky certificates to avoid multi-packet handshake issues.
