April 10, 2014 13:59

Heartbleed Continued - OpenSSL Client Memory Exposed

The Heartbleed vulnerability is bad. Not only does it pose a risk to servers running the vulnerable version of OpenSSL (1.0.1 through 1.0.1f) with heartbeats enabled, it also poses a serious risk to clients running the vulnerable versions. OpenSSL clients process heartbeats usin

April 8, 2014 16:33

Heartbleed Memory Disclosure - Upgrade OpenSSL Now!

Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. If you have not upgraded to OpenSSL 1.0.1g or installed a version of OpenSSL with -DOPENSSL_NO_HEARTBEATS it is strongly recommended that you do so immediately. This vulnerability allows the attacker to rea

April 8, 2014 13:06

Microsoft Update Tuesday: April 2014, two final XP and Office 2003 fixes

It’s the last Microsoft Update Tuesday before the end-of-life of both Windows XP and Office 2003, and Microsoft is patching two vulnerabilities that also impact XP and two that also impact Office 2003 this month. All in all, it’s a relatively light month this time around with only

April 8, 2014 09:26

CVE-2014-1761, Oh did you mean CVE-2012-2539?

When the VRT first received word of a new Microsoft Word 0-day I anxiously awaited details and the ever important hash of the in-the-wild exploit to be able to research it and provide coverage through Snort, ClamAV and the FireAmp suite of products. I was especially interested wh

April 7, 2014 13:37

Dynamically Unpacking Malware With Pin

A common approach that malware takes to hide itself is packing. Traditionally, packing was a means to compress your executable, then unpack and execute it at run time. Packing can also be used as an obfuscation technique for those who wish to hide their executable code. For a whi

March 11, 2014 13:37

Osx.Trojan.Leverage, a Breakdown Using Dtrace

This article provides a brief introduction to canned DTrace scripts for the purposes of analyzing the malware sample Osx.Trojan.Leverage. For this sample, I only needed to use a few of the canned scripts to gather a significant amount of data about how this piece of malware impac

March 11, 2014 13:03

Microsoft Update Tuesday: March 2014, all about IE (including two 0-day fixes)

It's Microsoft Update Tuesday. While this month is relatively minor, with a total of 5 bulletins, it is pretty large for the requisite Internet Explorer bulletin. There’s a total of 23 CVEs covered by the bulletins, 18 of which are found in IE. There are 2 critical and 3 important

March 6, 2014 10:41

Decoding Domain Generation Algorithms (DGAs) Part III - ZeusBot DGA Reproduction

Note: This blog post is part 3 of 3. The first two blog posts can be found here: Decoding Domain Generation Algorithms (DGAs): Part I; Decoding Domain Generation Algorithms (DGAs) Part II - Catching ZeusBot Injection into Explorer.exe. At this point, you can go ahead and close the two