Author Archives: hiddencodes

Build nwjs12 for windows

Here is the list of steps to build nwjs12 for windows: Download https://src.chromium.org/svn/trunk/tools/depot_tools.zipSet up the path for depot_toolsgclientInstall VS 2013 community editionInstall Windows 10 SDKset DEPOT_TOOLS_WIN_TOOLCHAIN=0set GYP_DEFINES=”clang=0 nwjs_sdk=0 disable_nacl=1″set GYP_MSVS_VERSION=2013mkdir -p $HOME/nwjscd $HOME/nwjsgclient config –name=src https://github.com/nwjs/chromium.src.git@origin/nw12    Add this to .gclient    … Continue reading

Posted in browser, Chrome, Web, Windows | Tagged , , , | Leave a comment

Deobfuscate Javascript using PhantomJS (Headless browser)

Recently when i got a chance to analyze Neutrino Exploit kit capture, i noticed that Neutrino EK has a detection and check for headless browser and other JS based frameworks. One thing that is interesting about Neutrino EK is all … Continue reading

Posted in browser, Chrome, Exploit, Exploit Kit | Tagged , , , , | 5 Comments

Angler Exploit kit breaks Referer chain using HTTPS to HTTP redirection

The author(s) behind Angler EK is known to release reliable exploit(s) for flash/IE and to use various techniques to break various logics used by analysis products for the detection. Recently a security researcher blogged about a new technique used by … Continue reading

Posted in Exploit, Exploit Kit, Malware | Tagged , , , , | 1 Comment

Instrument Microsoft Office applications to defeat macro obfuscations

With the recent increase in documents with macros used to deliver malwares, researchers spend considerable amount of time to analyze these attached scripts to understand the inner workings. Though the macros does follow the similar pattern in file download and … Continue reading

Posted in Document Macro malware Analysis, Exploit, Malware, Malware Analyzer | Tagged , , , , | 1 Comment

Dealing with pcaps in windows using Fiddler/FiddlerCore

Many a times when we receive a pcap(especially exploit packs pcaps) for malware analysis purpose we had to do lot of manual work to load it in Fiddler and extract the objects and analyze those. While using windows, i depend … Continue reading

Posted in Malware, Malware Analyzer, Tools, Web, Windows | Tagged , , , , , , | Leave a comment

Extend Sulo to find the CVE of Flash exploits

In this blog, i like to discuss more about detecting the vulnerability triggered by a particular exploit using Sulo. I have extended it to detect few of the recent vulnerabilities. I have added code to detect CVE-2015-0310, CVE-2015-0311 and CVE-2015-0313. … Continue reading

Posted in browser, Exploit, Exploit Kit, Flash, Flash Exploit Analysis | Tagged , , , , , , , | 1 Comment

Understanding CVE-2015-0310 Flash vulnerability

The Flash vulnerability CVE-2015-0310 is fixed in recent patch from Adobe. The vulnerability is in RegEx result parsing code. The vulnerability affects all the version below 16.0.0.287 and patched on January 2015. Though Adobe didn’t provide much information about the … Continue reading

Posted in Exploit, Exploit Kit, Flash, Flash Exploit Analysis | Tagged , , , , | 2 Comments