NTPD read_mru_list() DoS Layman Analysis

Background: NTP stands for Network Time Protocol, a UDP-based protocol designed to synchronize the clocks of devices over a network with Coordinated Universal Time (UTC). Now in its fourth version, it is one of the oldest networking protocols. NTP.org implemented it as a daemon, and many vendors use this implementation in their products. In its …

Shell Code Analysis for The Active Firefox Tor Attack

On November 29, exploit code against TorBrowser was published. It is reported that Firefox and TorBrowser are under active attack through this vulnerability. This blog explains what the attackers are trying to do on their victims' machines (the shell code) and the techniques used under the hood. Get The Shell Code Ready: Shell code is …

NTP CVE-2016-7434 Vulnerability Analysis

Last week, the Network Time Foundation's NTP Project released a new version, NTP 4.2.8p9, to fix 10 security vulnerabilities. We noticed that after the new release came out, the original researcher published a PoC for exploiting CVE-2016-7434. This blog is about verifying the published exploit and provides a deep analysis of this vulnerability. NTP MRU …

Windows Disk Cloning Vulnerability CVE-2016-7224

Introduction: Microsoft released many fixes in the month of November; MS16-138 focuses on vulnerabilities in the virtual hard disk (VHD) driver. In this article we will focus on CVE-2016-7224, which Google Project Zero disclosed to Microsoft. The vulnerability also compromises confidentiality, as it leaks information. We will first provide some background about virtual disks …

CVE-2016-7255 Vulnerability Analysis and Patch Diff

On November's Patch Tuesday, Microsoft patched an elevation of privilege vulnerability (CVE-2016-7255) in MS16-135. It was reported that this vulnerability is being actively exploited by Pawn Storm (APT28, Fancy Bear). This blog is about what this vulnerability is and how Microsoft fixed it. Window, Child Window and CVE-2016-7255: Window plays an important part in Microsoft's …

Sundown Exploit Kit and The EITEST Campaign

Abstract: After the vanishing of the Angler and Neutrino exploit kits (EK), the underground world of EKs was left with only one major player, Rig EK. Pseudo-Darkleech and EITEST, the two most popular website compromise campaigns, both redirected their victims to Rig EK. However, a few days ago our systems detected a major …

IE Information Disclosure 0-day used in Malvertising campaigns and Neutrino EK

Introduction: The success of an exploit kit depends on many parameters: infecting effective targets, and avoiding honeypots, sandboxes and researchers who are always on the lookout for new exploit kits to expose to the world. An exploit kit that is stealthy will have a longer lifetime and gain more reputation. This is reflected in an EK's capability …

Mirai Botnet Analysis

Recently, a distributed denial of service attack against the company Dyn brought down websites and apps across the United States. This attack is believed to have been started by the Mirai botnet. The source code of this botnet has apparently been released on GitHub. This blog is about the analysis of this botnet from its source code. Weak Passwords: The first …

Dirty COW – CVE-2016-5195

Introduction: A privilege escalation vulnerability in the Linux kernel has been discovered by Phil Oester. The bug has existed since version 2.6.22, which was released in 2007, and was fixed on October 18, 2016. The bug allows an unprivileged authenticated local user to gain write access to read-only memory mappings. A number …

Zoho ManageEngine OpManager 12.0 Multiple Vulnerabilities

Abstract: While doing our daily research for ThreatPROTECT, I came across ManageEngine, Zoho Corporation's OpManager product. It is network monitoring software that helps administrators discover, map, monitor and manage their complete IT infrastructure, thereby providing all the visibility and control that you need over your network. So we decided to use it for our internal …