From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 in Internet Explorer

By Elliot Cao (Vulnerability Researcher)

Last June, I disclosed a use-after-free (UAF) vulnerability in Internet Explorer (IE) to Microsoft. It was rated as critical, designated as CVE-2019-1208, and then addressed in Microsoft’s September Patch Tuesday. I discovered this flaw through BinDiff (a binary code analysis tool) and wrote a proof of concept (PoC)
Publish At:2019-09-19 14:50 | Read:272 | Comments:0 | Tags:Vulnerabilities BinDiff CVE-2019-1208 Internet Explorer VBSc

Using Monitor Resolution as Obfuscation Technique

A quick blog post about a malicious VBScript macro that I analysed… Bad guys always have plenty of ideas to obfuscate their code. The macro was delivered via a classic phishing email with an attached zip archive that contained a Windows .lnk file. The link containing a simple call to cmd.exe with a very long “echo” line to write a VBScript
Publish At:2016-12-23 09:45 | Read:4118 | Comments:0 | Tags:Malware Security VBScript

De-obfuscating malicious Vbscripts

Although they were never really gone, it looks like there is a rise in the number of malicious VBScripts in the wild. Maybe the similarity to VBA scripts and possible use in macros is responsible for the increased popularity. Let’s have a quick look at a few of them. First some background: VBScript has been installed with every desktop version of Windows sin
Publish At:2016-03-01 14:45 | Read:4073 | Comments:0 | Tags:Malware Analysis banker clicker de-obfuscate decrypt dropper


