Nginx + PHP 7 Remote Code Execution Vulnerability

On October 24th, 2019, PHP released updates to address a remote code execution vulnerability. The vulnerability allows an attacker to run arbitrary commands on a vulnerable server via a specially crafted URL. This issue is tracked as CVE-2019-11043. Vulnerability Analysis: The vulnerability resides in the “env_path_info” underflow in PHP-FPM. It contains pointer arithmetic that assumes that …

Sundown Exploit Kit Attacking Microsoft Edge Browser

The Sundown Exploit Kit, which first came to light in mid-2016, appears to be under aggressive development. The exploit kit is actively attacking Microsoft's Edge browser shipped with Windows 10. Specifically, the exploit kit is targeting CVE-2016-7200 and CVE-2016-7201, which Microsoft fixed with update MS16-129, released on Patch Tuesday in November. The vulnerability …

Sundown Exploit Kit and The EITEST Campaign

Abstract: After the vanishing of the Angler and Neutrino Exploit Kits (EK), the underground cyber world of EKs was left with only one major player, Rig EK. Pseudo-Darkleech and EITEST, the two most popular website compromise campaigns, both redirected their victims to Rig EK. However, a few days back our systems detected a major …

TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)

Abstract: A few days ago, an unknown threat actor that goes by the name “The Shadow Brokers” leaked some highly sophisticated exploits. It is alleged that the exploits leaked by “The Shadow Brokers” belong to Equation Group – an elite cyber-attack group associated with the NSA. These leaked exploits work against many routers/firewalls from prominent vendors …

Sundown Exploit Kit: A New Player In The Exploit Kit World

Abstract: The underground cyber world of exploit kits (EK) is always evolving with the addition of new exploits and the delivery of new payloads. The EK industry is a huge market, and since the disappearance of Angler EK, it appears everyone wants to grab a share of this lucrative market. There is a new player in this …

Analyzing The Latest Neutrino Exploit Kit Sample

Abstract: After the vanishing of the Angler Exploit Kit (EK) from the underground exploit market, Neutrino EK has gained a lot of attention and is now one of the most popular exploit kits among cybercriminals. In this blog, we will try to reverse engineer the latest sample that we received and identify the exploits this …