Recently we experimented with our generic unpacking heuristics. Our goal was to unpack a potentially malicious binary and dump the executable from memory to a file. During our experiments we saw a few unknown packers from which we successfully unpacked the binary; with these, however, we dumped the memory but we missed some code in […]
For the last two weeks we have been noticing significant increase of PDF exploit attacks being distributed by email with an attached PDF document posing as a fake invoice.However, closer examination of the PDF file has shown that the exploit uses a two-year-old classified as CVE-2010-0188. Why would anyone use so old an exploit? Well […]
I’ve written about Shell Extension without ASLR support before. Not only do they open up explorer.exe to ROP attacks, but other applications too, like Adobe Reader and Microsoft Office. You could use EMET to force ASLR on these DLLs, assuming you know which applications load shell extensions. Because shell extensions are not only loaded into […]
Latest Comments