chackraview.net

Just before we say good bye to 2011, Microsoft released a security bulletin for escalation of privileges vulnerability in .Net Framework. NIST describe the vulnerability as – The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access [...]

This is a quick post about some of the analysis I did in the start of this week. This is a case of yet another exploit for CVE-2010-0806. I am seeing exploits for this vulnerability floating a lot from past couple of months. As described on mitre.org: “Use-after-free vulnerability in the Peer Objects component (aka [...]

CVE-2007-0024 is quite old and you might think, there would be no more active exploitation of this vulnerability as it was patched long back. I will say, think again. Today, I analyzed live attack while exploiting above vulnerability. Here is the gist of my analysis. Overview of CVE-2007-0024: An Integer overflow in the Vector Markup [...]

In my previous blog post, I talked about FakeAV malware and its new techniques to spread by disguising legitimate software download. In this post I will talk about a very simple technique to clean the FakeAV infection. Before I talk about the infection removal, let me list out all the measures taken by malware to prevent [...]

Last night, a friend sent me an email with a link for analysis. I have seen many such spam emails ever since Microsoft acquired Skype. This was also on the similar front asking your to download latest version of skype from skype-voip-2011-upgrades[dot]com Here is yet another spam email dropping FakeAV malware incident. Few highlights of the analysis: [...]

At last the time has come to show some presence again on my blog. After my disappearance for almost half a year, today I got the chance to actually write something… and what motivated me in doing so was a new spyware infection..   Here is the prologue… I was spying on my MATRIX honeypot for new [...]

On 16th July, 2010 a researchers found out a new shortcut to Pawn Remote System in an unusual way. They crafted a way to exploit windows shortcut files, commonly referred as .lnk file in order to gain unauthorized access to remote computer. Users need not even click the shortcut file, if s/he views it in [...]

Last month a security researcher Didier Stevens published a PoC PDF file which had executable embedded inside it. Though Metasploit framework already has this attack module to embed any executable inside a PDF file, the approached used by Didier Stevens is different and does not involve use of Javascript. As JavaScript is not used, disabling [...]

For past few days, I was getting fraud emails impersonating HDFC and IDBI banks. Emails looked pretty legitimate unless you looked into the email headers or actually visited the link provided in them. Below are some screen shots of the emails that I received. You may also see some superficial investigation I underwent to make [...]

Yesterday, I got an email saying some company has filed a lawsuit against me in court with the link to download a word file supposed to be containing copyright law violations. As expected it turned out to be a very sophisticated social engineering attack. When I downloaded the file and scan in virustotal, very few [...]