One Flash To Rule Them All

Many exploit kits take advantage of Adobe’s flash vulnerabilities to exploit victims. Every company uses an anti-virus software product to defend this type of attack. Because of the complexity of exploit kits and Adobe’s action script language, anti-virus applications could be completely blinded. In this article we will craft an old flash exploit to bypass … Continue reading “One Flash To Rule Them All”

Conquer The Rig Exploit Kit

Conquer The Rig Exploit Kit After the Angler Exploit Kit became less prevalent, the RIG exploit kit quickly took its place to become one of the most “popular” exploit kits in the underground. This blog is a complete analysis of technologies used in the Rig exploit kit.   The Landing Page:   All exploit kits … Continue reading “Conquer The Rig Exploit Kit”

KAIXIN Exploit Kit Update

KaiXin exploit kit (EK) was first identified in August 2012 by Kahu Security.  We believe this exploit kit is written by a Chinese hacker. The word KaiXin means “Happy” In Chinese. Here is the latest research for this exploit kit.     Targeted Operating System: The KaiXin exploit kit is actively targeting Windows XP, Windows Vista, … Continue reading “KAIXIN Exploit Kit Update”

Netgear D6000/D3600 Hard-Coded Cryptographic keys and Auth Bypass

While doing firmware analysis for ThreatPROTECT, I came across a firmware running on Netgear D3600 and D6000 series router. So I decided to analyse it because these models have been used in multiple countries. In this blog post, I am going to explain how did I found flaws, which pose a risk to the privacy … Continue reading “Netgear D6000/D3600 Hard-Coded Cryptographic keys and Auth Bypass”

Adobe Flash Player CVE-2016-4171 Zero Day and Active Attacks

Adobe Flash Player 21.0.0.242 are earlier versions for Windows, Macintosh, Linux, and Chrome OS are currently being exploited and there is no patch. Therefore we have marked them as ‘Zero Day’ as well as ‘Active Attacks’ in ThreatPROTECT.  The exploit uses CVE-2016-4171 in targeted attacks. Adobe is expected to address this vulnerability on June 16. We have … Continue reading “Adobe Flash Player CVE-2016-4171 Zero Day and Active Attacks”

Exploiting Buffer Overflow Vulnerability In Boxoft WAV

Abstract While analyzing exploits for ThreatPROTECT, I came across a proof of concept (PoC) for Boxoft WAV to MP3 Converter that creates a message box on older windows systems. So I decided to pimp-it-up so that it can be converted into a robust exploit which will work on all modern Windows operating systems, demonstrating that the … Continue reading “Exploiting Buffer Overflow Vulnerability In Boxoft WAV”

Neutrino Exploit Kit and CVE-2016-4117

Exploit Kits are swiftly taking advantage of Adobe Flash vulnerabilities. Four days after Adobe released the Flash player update 21.0.0.242, exploit kits quickly added the Flash exploit into their “Lunch package”. This blog is about how we identified  CVE-2016-4117 in the Neutrino Exploit Kit and the process of how we extracted the multiple layers of … Continue reading “Neutrino Exploit Kit and CVE-2016-4117”

Adobe Flash new 0-day – Update

Update: three ExploitKits have so far integrated this new vulnerability. Our RTI for QId: 120098 in ThreatPROTECT is nowExploitKit and ActiveAttacks. Original: According to Adobe a new 0-day vulnerability in its Flash player is under attack in the wild. The vulnerability in tagged as CVE-2016-4117 and affects Flash player version equal or less than V21.0.0.226. Adobe expects … Continue reading “Adobe Flash new 0-day – Update”

Internet Explorer under active attack

Microsoft has released a new version of Internet Explorer 7-11 that addresses the critical vulnerability CVE-2016-0189 together with four other vulnerabilities. According to Microsoft’s bulletins MS16-051 and MS16-053, CVE-2016-0189 is under active attack in the wild. Our RTI for QId: 100284 and 91220 is ActivelyAttacked.

ImageMagick vulnerability under active attack

ImageMagick is a popular open source package for image manipulation. A number of vulnerabilities have been identified in the software: one of them, CVE-2016-3714, allows for Remote Code Execution (RCE) and is under active attack in the wild. There is no patch available at the moment, but users can configure the “policy.xml” file to neutralize … Continue reading “ImageMagick vulnerability under active attack”