Author Archives: hiddencodes
Build nwjs12 for windows
Here is the list of steps to build nwjs12 for windows:
- Download https://src.chromium.org/svn/trunk/tools/depot_tools.zip
- Set up the path for depot_tools
- gclient
- Install VS 2013 community edition
- Install Windows 10 SDK
- set DEPOT_TOOLS_WIN_TOOLCHAIN=0
- set GYP_DEFINES="clang=0 nwjs_sdk=0 disable_nacl=1"
- set GYP_MSVS_VERSION=2013
- mkdir -p $HOME/nwjs
- cd $HOME/nwjs
- gclient config --name=src https://github.com/nwjs/chromium.src.git@origin/nw12
- Add this to .gclient … Continue reading
Posted in browser, Chrome, Web, Windows
Tagged build nwjs for windows, nwjs, nwjs12, nwjs12 for windows
Deobfuscate Javascript using PhantomJS (Headless browser)
Recently, when I got a chance to analyze a Neutrino Exploit Kit capture, I noticed that Neutrino EK has a detection and check for headless browsers and other JS-based frameworks. One thing that is interesting about Neutrino EK is that all … Continue reading
Angler Exploit kit breaks Referer chain using HTTPS to HTTP redirection
The author(s) behind Angler EK are known to release reliable exploit(s) for Flash/IE and to use various techniques to break the logic used by analysis products for detection. Recently a security researcher blogged about a new technique used by … Continue reading
Posted in Exploit, Exploit Kit, Malware
Tagged Angler EK, Angler EK Analysis, Angler EK Referer chain break, Exploit Kit analysis., ThreatGlass
1 Comment
Instrument Microsoft Office applications to defeat macro obfuscations
With the recent increase in documents with macros used to deliver malware, researchers spend a considerable amount of time analyzing these attached scripts to understand their inner workings. Though the macros do follow a similar pattern in file download and … Continue reading
Dealing with pcaps in windows using Fiddler/FiddlerCore
Many times, when we receive a pcap (especially exploit pack pcaps) for malware analysis purposes, we have to do a lot of manual work to load it in Fiddler, extract the objects and analyze them. While using Windows, I depend … Continue reading
Posted in Malware, Malware Analyzer, Tools, Web, Windows
Tagged Extract files from Pcap, Fiddler, Fiddler Automation, FiddlerCore, pcap, PCAP to File, pcap2saz
Extend Sulo to find the CVE of Flash exploits
In this blog, I would like to discuss in more detail how to detect the vulnerability triggered by a particular exploit using Sulo. I have extended it to detect a few of the recent vulnerabilities: I have added code to detect CVE-2015-0310, CVE-2015-0311 and CVE-2015-0313. … Continue reading
Understanding CVE-2015-0310 Flash vulnerability
The Flash vulnerability CVE-2015-0310 is fixed in a recent patch from Adobe. The vulnerability is in the RegEx result parsing code. It affects all versions below 16.0.0.287 and was patched in January 2015. Though Adobe didn't provide much information about the … Continue reading
Build and use PCRE in windows
Building the PCRE (older version) source code in a Windows environment is quite easy with the CMake build system. Once you check out the code from their SVN server using the following command: svn co svn://vcs.exim.org/pcre/code/trunk pcre Install the CMake build system and issue the following … Continue reading
Posted in Regex, Windows, Windows VC++
Tagged Compile PCRE C C++, Compile PCRE in windows, Compile PCRE using Visual Studio
1 Comment
Compile avmplus in windows
In this post, I would like to document the process and changes needed to build avmplus in a Windows environment. Though Adobe provided the solution file, it didn't work on the first try. If you understand the vcproj file format, it's … Continue reading
Posted in C/C++, Flash
Tagged Adobe AVMPlus, AVMPlus Visual Studio compilation, Compile AVMPlus, Compile AVMPlus in Windows
2 Comments
Defeat initial packers used in flash exploits using Sulo
Using Sulo, it is quite easy to defeat the initial packers used in the recent Flash exploits. All we need is to set up one VM environment as I mentioned in my previous blog and on the Sulo GitHub page. Once you … Continue reading
Posted in Exploit, Exploit Kit, Flash Exploit Analysis
Tagged Flash Exploit analysis, Sulo, Sulo and Loader.loadBytes()
8 Comments