A Quick Way to Immune to WannaCrypt Without Patch

A “ransomware” called “WannaCrypt” has locked thousands of computers in more than 150 countries. We released a blog post about this ransomware last week. Here is a quick post about a way to make your system immune to this ransomware if you can’t install the patch for some reason. Mutex And Indicator …

Doublepulsar backdoor spreading rapidly in the wild

On April 14, 2017, the mysterious hacking group ShadowBrokers released cyber-spying tools allegedly employed by the U.S. National Security Agency. This week, it is reported that more than 300,000 Windows machines are affected by a backdoor called “Doublepulsar” from those tools. This blog post is about what “Doublepulsar” is and how we detect it. …

Ticketbleed Vulnerability On F5 BIG-IP

A remote memory-leaking vulnerability called Ticketbleed (CVE-2016-9244) was found in F5 BIG-IP devices. The vulnerability allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. The root cause of this Heartbleed-style vulnerability is that, during the TLS/SSL handshake, F5 BIG-IP servers echo back a fixed size of memory data even when the client asks for less …

WordPress Vulnerabilities Are Being Actively Exploited

At the end of January 2017, WordPress released version 4.7.2 to fix multiple security vulnerabilities. Not long after that, active exploits against these vulnerabilities were detected. Attackers left messages like “by NG689Skw” or “by w4l3XzY3” on the victims’ websites. Here’s a screenshot: You can see that the attacker became “ADMIN” of the WordPress site, and that remote code …

Microsoft Edge JavaScript Information leaking Vulnerability Analysis

On November’s Microsoft Patch Tuesday, Microsoft patched multiple security vulnerabilities in the Edge browser. At the beginning of January, a security researcher published POC code on GitHub that exploits CVE-2016-7200 and CVE-2016-7201. Not long after the POC code appeared, these two vulnerabilities became actively exploited by multiple exploit kits. This blog post is about the analysis of the root …

Shell Code Analysis for The Active Firefox Tor Attack

On November 29, exploit code against TorBrowser was published. It is reported that Firefox and TorBrowser are under active attack through this vulnerability. This blog post explains what the attackers are trying to do on their victims’ machines (shell code) and the techniques used under the hood. Get The Shell Code Ready Shell code is …

NTP CVE-2016-7434 Vulnerability Analysis

Last week, the Network Time Foundation’s NTP Project released a new version, NTP 4.2.8p9, to fix 10 security vulnerabilities. We noticed that after the new release came out, the original researcher published a POC for exploiting CVE-2016-7434. This blog post is about verifying the published exploit and a deep analysis of this vulnerability. NTP MRU …

CVE-2016-7255 Vulnerability Analysis and Patch Diff

On November’s Patch Tuesday, Microsoft patched an elevation-of-privilege vulnerability (CVE-2016-7255) in MS16-135. It was reported that this vulnerability is being actively exploited by Pawn Storm (APT28, Fancy Bear). This blog post is about what this vulnerability is and how Microsoft fixed it. Window, Child Window and CVE-2016-7255 Window plays an important part in Microsoft’s …

Mirai Botnet Analysis

Recently, a distributed denial-of-service attack against the company Dyn brought down websites and apps across the United States’ internet. This attack is believed to have been started by the Mirai botnet. The source code of this botnet has apparently been released on GitHub. This blog post is about the analysis of this botnet from its source code. Weak Passwords: The first …

Zero Day Exploit Analysis for VX Search Enterprise

VX Search is an automated, rule-based file search solution that allows users to search files by various attributes. Recently, a remotely exploitable zero-day was released for VX Search, and the PoC is published on exploit-db. The exploit targets a vulnerability in VX Search Enterprise, and attackers can remotely execute code with SYSTEM privilege. In this …