Showing 13 results for: May 2012 ×Security Research ×

Putting Out the Flame

There's a lot of buzz going around in the security field about a big piece of malware, code named "Flame" or "Skywiper". Let's make some sense and try to extinguish the flame wars. There is an excellent paper that was...

HULK vs. THOR - Application DoS Smackdown

SpiderLabs Research Team Contributions from: @jgrunzweig @ethackal @claudijd There was a new web server DoS tool released yesterday called HULK (Http Unbearable Load King). Here is a snippet from the blog page: In my line of work, I get to...

PHP-CGI Exploitation by Example

Late last week, a vulnerability in PHP-CGI was disclosed, which allows all sorts of bad for folks running PHP-CGI. It was met with lots of controversy and questions about how it was leaked before a patch was available. What we'll...

RedKit Payload - Binary Fun

This blog post focuses on a piece of malware utilized by the recently discovered RedKit exploit kit. Obfuscation techniques are focused on to discover the true purpose of the malware in use.

Bypass Vulnerabilities in Squid and McAfee Web Access Gateway

About two weeks ago, a Brazilian security researcher by the name of Gabriel Menezes Nunes released two URL filter bypass vulnerabilities for both Squid 3.1.9 and McAfee Web Gateway 7.0 (CVE-2012-2213 and CVE-2012-2212 respectively). At a high level, these vulnerabilities...

A Wild Exploit Kit Appears... Meet RedKit

During our research we have recently encountered a new private exploit kit. The developers behind this private kit decided to promote it with a standard banner. After clicking on this banner, you get to a page with a form asking...

Recent Mass SQL Injection Payload Analysis

There have been a number of mass SQL Injection campaigns targeting ASP/ASP.Net/MS-SQL sites over the past few months. While there have been a number of stories, sites and blogs that analyze the the injected JS script tags into the infected...