Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis

On Tuesday, Microsoft released a security update for Silverlight (MS16-109). Silverlight vulnerabilities are always one of the attacker’s favorite targets because most of them allow remote code execution. In this blog, I will explain what the vulnerability is about and the exploit indicators. Patch Diff and Root Cause: Patch diff is a very common way … Continue reading “Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis”

One Flash To Rule Them All

Many exploit kits take advantage of Adobe’s flash vulnerabilities to exploit victims. Every company uses an anti-virus software product to defend this type of attack. Because of the complexity of exploit kits and Adobe’s action script language, anti-virus applications could be completely blinded. In this article we will craft an old flash exploit to bypass … Continue reading “One Flash To Rule Them All”

Conquer The Rig Exploit Kit

Conquer The Rig Exploit Kit After the Angler Exploit Kit became less prevalent, the RIG exploit kit quickly took its place to become one of the most “popular” exploit kits in the underground. This blog is a complete analysis of technologies used in the Rig exploit kit.   The Landing Page:   All exploit kits … Continue reading “Conquer The Rig Exploit Kit”

KAIXIN Exploit Kit Update

KaiXin exploit kit (EK) was first identified in August 2012 by Kahu Security.  We believe this exploit kit is written by a Chinese hacker. The word KaiXin means “Happy” In Chinese. Here is the latest research for this exploit kit.     Targeted Operating System: The KaiXin exploit kit is actively targeting Windows XP, Windows Vista, … Continue reading “KAIXIN Exploit Kit Update”

Neutrino Exploit Kit and CVE-2016-4117

Exploit Kits are swiftly taking advantage of Adobe Flash vulnerabilities. Four days after Adobe released the Flash player update, exploit kits quickly added the Flash exploit into their “Lunch package”. This blog is about how we identified  CVE-2016-4117 in the Neutrino Exploit Kit and the process of how we extracted the multiple layers of … Continue reading “Neutrino Exploit Kit and CVE-2016-4117”

Analysis of RIG Exploit Kit weaponizing CVE-2016-0034

Exploit kit authors often update the capabilities of their exploit kits by adding support for new vulnerabilities so that they can compromise and install malware or ransomware on even more machines. As part of the ThreatPROTECT research team, I analyze exploit kits to keep track of the latest vulnerabilities being incorporated into them. Back in February, I analyzed the … Continue reading “Analysis of RIG Exploit Kit weaponizing CVE-2016-0034”