The recent discovery of Java Web Start Argument Injection vulnerability (CVE-2010-0886 and CVE-2010-0887) has opened a new opportunity for the bad guy to utilize it in drive-by download attack. Here is a short write up on the example (in the wild) found early today, which exploiting this vulnerability. The exploit was found on http://buckomre.com/ and […]
We came across this new variant of malicious PDF that contains a ZBot infostealer Trojan. When a user open the PDF file, a pop up will ask the whether the user would like to save a file called Royal_Mail_Delivery_Notice.pdf. The unsuspecting user might assume that the file is just a PDF file, and therefore will […]
Obfuscation using arguments.callee() in java scripts is widely seen in browser exploitation and malicious PDF attacks. This kind of obfuscation could be a bit tricky to handle for security analyst. The arguments.callee() call is used normally to prevent security analyst from modifying the malicious function. The variable that holds the arguments.callee will be validated in […]
The Internet Explorer Tabular Data Control ActiveX Memory Corruption (CVE-2010-0805) exploit was recently ported to Metasploit, so we decided to release the detection rule for Yara. Yes it can also be used with JSunpack!
ref = "CVE-2010-0805"
impact = 7
hide = true
$cve20100805_1 = "333C7BC4-460F-11D0-BC04-0080C7055A83" nocase fullword
$cve20100805_2 = "DataURL" nocase fullword
$cve20100805_3 = /value\=\"http:\/\/(.*?)\"/ nocase fullword
($cve20100805_1 and $cve20100805_3) or (all of them)
Credit: ZSploit.com Metasploit @d3t0n4t0r
pKaji is a free service provided by MyCERT that allows one to analyze PHP codes. It facilitates detection of network activities and other potentially malicious activities within the code by using the ‘hooking’ technique. Basically, it uses the APD (Advance PHP Debugger) extension to hook the original PHP built-in function. Using pKaji To use pKaji, […]
This is quick note about wildcard usage for the Linux command line particularly on how to select/include some files among the others. Let say you have a directory that contains the following files: $ls mh apache-log.tar.gz.00 apache-log.tar.gz.01 apache-log.tar.gz.02 apache-log.tar.gz.03 apache-log.tar.gz.04 apache-log.tar.gz.05 apache-log.tar.gz.06 apache-log.tar.gz.07 apache-log.tar.gz.08 apache-log.tar.gz.09 apache-log.tar.gz.10 apache-log.tar.gz.11 apache-log.tar.gz.12 apache-log.tar.gz.13 To copy the first 10 files, […]