
malware

RIG Exploit Kit – Diving Deeper into the Infrastructure
Following our previous blog post about the leak of the RIG exploit kit's source code, we dug deeper into the architecture that facilitates the massive infections using RIG. The screenshot below diagrams RIG's infrastructure. [Figure: RIG Exploit Kit Infrastructure] Most commonly we see only one end of this rabbit hole: the compromised site and the proxy server. Below we will detail what happens beh..

Deploying a Smart Sandbox for Unknown Threats and Zero-Day Attacks
Zero-day exploits pose some of the most serious risks to users everywhere. The absence of a patch means that it is up to users (and whatever security products they use) to protect against these attacks. One of the tools that can be used in mitigating these attacks is advanced network detection solutions like Trend Micro Deep Discovery, which contains a sandbox that allows for on-the-fly analysis..

Komodia ring-0 rootkit Analysis (any malware that privescs could install it and use it)
First off: this is the first time I "seriously" reversed a kernel-mode NT driver, so keep that in mind when you read this. The Komodia rootkit config is located in a certain registry entry that's hardcoded in the driver. For Qustodio, it's HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qwd\Data. The config structure is simple enough, an array of the following structure: DWORD type; BYTE unkn..

x86obf code virtualizer released for free
x86obf is now a free and public project. There are no limitations on the number of blocks and number of instructions you can protect. What is x86obf? x86obf is a tool for executable binary protection. It works by locating marked blocks of code and converting them to a series of instructions understood only by a randomly generated virtual machine, in order to make reverse engineering harder. x86o..

The analysis of SuperFish adware
You probably already heard about the Superfish adware that was pre-installed on Lenovo PCs; if not, read about it here. In this blog post I'm making an attempt to analyze it. Here is the SHA1 hash of the analyzed sample (NSIS installer): A502EA9FAE7E8FE64308088ECC585B45EAD76DA1 (VT link). SuperFish presents itself as "VisualDiscovery" software and is based on the Komodia engine. Unfortunately Komodia's site is offl..

Just another day at the office: A ZDI analyst's perspective on ZDI-15-030
Matt Molinyawe, Security Researcher, HP Security Research – Zero Day Initiative. Many of us here at the ZDI are blessed to look at the world's best vulnerability research coming from researchers around the world. For those of us who work at the ZDI, it's literally nothing but zero-day, every day. And we're not just saying that. It's documented by the record number of published vulnerabilities attaine..

KOMODIA/SUPERFISH SSL VALIDATION IS BROKEN
If you are on the ball already and just want the new vulnerability, scroll to the "client side SSL verification" section. tl;dr: The Komodia/Superfish proxy can be made to allow self-signed certificates without warnings. Recap: Some Lenovo laptops shipped with Superfish preinstalled, an ad-injecting software. It performs ad injection by using an SSL interception engine by Komodia. The software..

An Experimental Require Certificate Transparency Directive for HSTS
A little bit ago, while in London at Real World Crypto and hanging out with some browser and SSL folks, I mentioned the thought "Why isn't there a directive in HSTS to require OCSP Stapling?" (Or really just hard fail on revocation, but pragmatically they're the same thing.) They responded, "I don't know, I don't think anyone's proposed it." I had batted the idea around a little bit, and ended u..

TeamCity Account Creation Lockout Bypass (CVE-2015-1313)
TeamCity is a multi-platform continuous integration and build server product created by JetBrains. It is used by many development organisations to automate the build and deployment of software solutions as part of the development process. TeamCity is a very popular product and hence the number of installations, both public and private, is quite high. TeamCity version 9.0.1 and earlier was found to..

Understanding CVE-2015-0310 Flash vulnerability
The Flash vulnerability CVE-2015-0310 is fixed in a recent patch from Adobe. The vulnerability is in the RegEx result parsing code. It affects all versions below 16.0.0.287 and was patched in January 2015. Though Adobe didn't provide much information about the vulnerability fixed and very little information is available in public, we have an exploit that exploits this vulnerability and have s..