VX Search is an automated, rule-based file search solution allowing users to search files by various attributes. Recently, a remotely exploitable zero day was released for VX Search and the PoC is published on exploit-db. The exploit targets a vulnerability in VX Search Enterprise and attackers can execute code with SYSTEM privilege remotely. In this … Continue reading “Zero Day Exploit Analysis for VX Search Enterprise”
Category: ThreatPROTECT
Windows Kernel Elevation of Privilege Vulnerability (CVE 2016-3371)
Introduction The Windows registry is a hierarchical tree with nodes called keys and each key can contain subkeys or values, a logical group of keys is called a hive. By default Windows has 7 standard hives .There are many reasons to target the registry to gain persistence by modifying entries, to obtain user and system … Continue reading “Windows Kernel Elevation of Privilege Vulnerability (CVE 2016-3371)”
WordPress Neosense Theme Zero Day
WordPress is the de-facto open source content management system written in PHP with over 17,000,000 publicly (!) detected installations. Want to make money with your programming skills and WordPress? Easy peasy! Simply develop a theme or a plugin, include other open source products and start making money. It is that easy if you have decent … Continue reading “WordPress Neosense Theme Zero Day”
Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis
On Tuesday, Microsoft released a security update for Silverlight (MS16-109). Silverlight vulnerabilities are always one of the attacker’s favorite targets because most of them allow remote code execution. In this blog, I will explain what the vulnerability is about and the exploit indicators. Patch Diff and Root Cause: Patch diff is a very common way … Continue reading “Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis”
Internet Explorer Information Disclosure Vulnerability (CVE-2016-3321)
Internet explorer can reveal the existence of a file based on how it handles file URIs like file://…, by default IE implements Local Machine Zone Lockdown (LMZL) to prevent access to file URIs and alerts the user via error dialogue box irrespective of the existence of the file. Furthermore, IE restricts execution of scripts based on … Continue reading “Internet Explorer Information Disclosure Vulnerability (CVE-2016-3321)”
TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)
Abstract: Few days ago, an unknown threat actor, that goes by the name “The Shadow Brokers” leaked some highly sophisticated exploits. It is alleged that the exploits leaked by “The Shadow Brokers” belong to Equation Group – an elite cyber-attack group associated with the NSA. These leaked exploits work against many routers/firewalls from prominent vendors … Continue reading “TOPSEC Firewall Exploit (ELIGIBLE CONTESTANT)”
FortiGate Shadow Brokers Exploit – CVE-2016-6909
Abstract: You may have heard that recently a group known as “Shadow Brokers” released what are said to be a bunch of exploits and tools written and used by the NSA. The dump contains a set of exploits, implants and tools for hacking firewalls (“Firewall Operations”). One of the tools from the Shadow Brokers leak … Continue reading “FortiGate Shadow Brokers Exploit – CVE-2016-6909”
Sundown Exploit Kit: A New Player In The Exploit Kit World
Abstract: The underground cyber world of exploit kits (EK) is always evolving with addition of new exploits and delivery of new payloads. The EK industry is a huge market and since the disappearing of Angler EK, it appears everyone wants to grab a share of this lucrative market. There is a new player in this … Continue reading “Sundown Exploit Kit: A New Player In The Exploit Kit World”
Analyzing The Latest Neutrino Exploit Kit Sample
Abstract: After the vanishing of Angler Exploit Kit(EK) from the underground exploit market, Neutrino EK has gained a lot of attention and is now one of the most popular exploit kit among cybercriminals. In this blog, we will try to reverse engineer the latest sample that we received and try to identify the exploits this … Continue reading “Analyzing The Latest Neutrino Exploit Kit Sample”
One Flash To Rule Them All
Many exploit kits take advantage of Adobe’s flash vulnerabilities to exploit victims. Every company uses an anti-virus software product to defend this type of attack. Because of the complexity of exploit kits and Adobe’s action script language, anti-virus applications could be completely blinded. In this article we will craft an old flash exploit to bypass … Continue reading “One Flash To Rule Them All”
