• Same CVE-2012-0158, Different Builder

    by  • March 11, 2013

    Over the past few weeks, I have been fortunate to watch the birth of a new CVE-2012-0158 builder that demonstrates an original technique with excellent results (not for long). What is a builder, you ask? Well, some attackers/researchers/whatever like ...


    Mandiant APT2 Report Lure

    by  • February 21, 2013

    This morning I identified a PDF with the name "Mandiant_APT2_Report.pdf" that was uploaded from India and was using a lure different from what Symantec just reported on. The file is password protected following the theme Xecure and myself had seen last yea...


    Existing Vulnerabilities > 0days

    by  • February 16, 2013

    Earlier today I accidentally opened up Twitter and saw this tweet: Some may disagree with the statement, but looking at targeted files on a daily basis, I would say it's pretty accurate. Truth be told, it only takes one person to open up the infecte...


    29C3 Post Thoughts

    by  • January 1, 2013

    For whatever reason, maybe it's the "chaos" in the name, I have always wanted to attend the Chaos Communication Congress in Germany. When I heard of the chance of attending this year, I jumped at it and was fortunate enough to earn a stamp of app...
