HackDig : Dig high-quality web security articles for hackers

Static vs Dynamic Analysis and the Amusing Outcome

It all started with a malicious RTF document attached to an email and a request from reader Chris (thanks for your request and help!) to locate the embedded SWF object since it was believed to contain a hidden PE file. The RTF document contained a 2012 exploit which is described here. The difference between the two documents is that this one contained a SWF
Publish At:2017-02-28 04:20 | Read:5425 | Comments:0 | Tags:Malicious Email Malscript flash exploit malware rtf shellcod

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities.That’s not scary, that’s terrifying.By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, th
Publish At:2015-12-10 11:00 | Read:4097 | Comments:0 | Tags:Exploits/Vulnerabilities hacking-flash flash adobe flash sec

Latest EMET Bypass Targets WoW64 Windows Subsystem

Backwards compatibility, a necessary evil for Microsoft in its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits.Specifically in this case, researchers at Duo Security have slid past MicrosoftR
Publish At:2015-11-03 03:50 | Read:2960 | Comments:0 | Tags:Microsoft Vulnerabilities backwards compatibility Duo Labs D

CryptoLocker Variant Coming After Gamers

Gamers may soon be feeling the pain of crypto-ransomware.A variant of CryptoLocker is in the wild that goes after data files associated with 20 different online games, locking downloadable content in an attempt to target younger computer users. Researchers at Bromium today said an unnamed compromised website is serving the malware. Victims are redirected
Publish At:2015-03-12 16:55 | Read:3870 | Comments:0 | Tags:Cryptography Malware Web Security Angler Exploit Kit Bromium

Top Adult Site RedTube Compromised, Redirects to Malware

DISCLAIMER: THIS POST INCLUDES SOME LANGUAGE AND TOPICS THAT MIGHT NOT BE SUITABLE FOR ALL READERS, PLEASE BE ADVISED AND PROCEED WITH CAUTION. We’ve documented adult sites leading to malware before on this blog, but this one is a little bit different. This time around, the source of the problem is not malvertising, but rather a malicious iframe plac
Publish At:2015-02-18 14:40 | Read:4527 | Comments:0 | Tags:Exploits angler anti exploit exploit flash exploit iframes m

Flash Zero Day Being Exploited In The Wild

This is not the first Flash Zero Day and it certainly won’t be the last, thanks to the Sandbox implemented in Chrome since 2011 – users of the browser are fairly safe.Those using IE are in danger (as usual) and certain versions of Firefox.It has been rolled into the popular Angler Exploit Kit, which seems fairly prevalent although not as popular
Publish At:2015-01-22 13:50 | Read:2745 | Comments:0 | Tags:Exploits/Vulnerabilities Malware angler angler exploit kit b


Share high-quality web security related articles with you:)