• Posts Tagged ‘malicious’

    Doomsday JavaScript Encoder

    by  • January 31, 2012 • Uncategorized

    In my last post I detailed a whole bunch of ways to make encoders better and that I had authored my own to see how difficult it was. Last night I released the encoder with some extra little bells and whistles to make it a bit more interesting. Bef...

    Read more →

    Analyzing CVE-2011-4369 – Part One

    by  • December 20, 2011 • Uncategorized

    Adobe pulled a fast one a couple days ago when they pushed out their most recent patch. In doing so they addressed CVE-2011-2462, but also mentioned another vulnerability that exploited the PRC format (also related to U3D). This additional vulnera...

    Read more →

    AESv3 CVE-2011-2462 Analysis

    by  • December 19, 2011 • Uncategorized

    Update: I added in some comments to the Origami library to show me the password used to encrypt the documents. The user encryption password used for the samples I have was a null password. If you would like the modified library, email me. In one o...

    Read more →

    Packing PDFs – We are spoiled

    by  • September 20, 2011 • Uncategorized

    A few months ago I took a look at one of the more popular exploit kits and ripped into how it did PDF generation. I thought it was weak, easily identifiable and done without much thought. There was much more that could have been done to obfuscate ...

    Read more →