Over the past few weeks, I have been fortunate to watch the birth of a new CVE-2012-0158 builder that demonstrates original technique with excellent results (not for long). What is a builder you ask? Well, some attackers/researchers/whatever like ...
Read more →After my initial excitement died down, I sat down and took a look at the ~I32SUN.exe file and was saddened to find it looked just like CMD.exe. Hoping for something modified or different, I threw both files into BinDiff, but was saddened to see a ...
Read more →In my last post I detailed a whole bunch of ways to make encoders better and that I had authored my own to see how difficult it was. Last night I released the encoder with some extra little bells and whistles to make it a bit more interesting. Bef...
Read more →Recently I have been spending my time focusing on targeted PDF files. Something I have always ignored were PDFs that just acted as a vehicle for SWF files, but a lot of these CVE2011-0611 exploits are finding their way in my inbox, so I thought it...
Read more →When I mention mapreduce I typically get a blank stare in return and even more so when I talk about it with malware. I think raw data tends to speak much louder than theories or whitepapers, so attached are several JSON output files from multiple ...
Read more →I figured there is no better time to release a tool then at Blackhat and Defcon. Feel free to click around, share reports and use the API to query for samples. I am interested in hearing feedback, comments, suggestions and any other ideas you may ...
Read more →