Over the past few weeks I have been talking with different analysts, programmers and RE folks about the future of malware analysis and how we combat changes in attacks. Ripping apart binaries and developing signatures based on TTPs doesn’t scale (...
Read more →Yesterday Mila posted a Doc file exploiting the recent flash bug (CVE-2012-0754). Having not looked at it yet, I thought this would be a good way to test the new SWF tools Adobe released last night. I downloaded the files from the Contagio site he...
Read more →Hashes and malware go together. When you get a new piece of malware the first thing you should do is create a hash and search for any information available on it. In some cases you may turn up nothing at all, but other times you may end up with a ...
Read more →Adobe pulled a fast one a couple days ago when they pushed out their most recent patch. In doing so they addressed CVE-2011-2462, but also mentioned another vulnerability that exploited the PRC format (also related to U3D). This additional vulnera...
Read more →Update: I added in some comments to the Origami library to show me the password used to encrypt the documents. The user encryption password used for the samples I have was a null password. If you would like the modified library, email me. In one o...
Read more →Summary This is an analysis of a recent attack observed on a on a large enterprise network. The attackers compromised multiple servers via JBOSS JMX console vulnerabilities. With this access they were able to install tools for remote access and tr...
Read more →