Archive for the ‘Web Security’ Category
SNORT Rules for CVE-2011-3416
Just before we said goodbye to 2011, Microsoft released a security bulletin for an escalation-of-privilege vulnerability in the .NET Framework. NIST describes the vulnerability as: The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access [...]
Skype Upgrade: Yet Another FakeAV Drive-by Attempt
Last night, a friend sent me an email with a link for analysis. I have seen many such spam emails ever since Microsoft acquired Skype. This one was along similar lines, asking you to download the latest version of Skype from skype-voip-2011-upgrades[dot]com. Here is yet another incident of a spam email dropping FakeAV malware. A few highlights of the analysis: [...]
Apple iPad SEO poisoning attack
What is SEO? Search engine optimization (SEO) is the process of improving the volume or quality of traffic to a web site. As an Internet marketing strategy, webmasters edit the HTML content to increase its relevance to popular keywords, thereby raising the ranking of their websites. SEO techniques can be broadly categorized under white hat and [...]
Operation Aurora
Update: I simulated the exploit in my virtual pentest lab against different target systems, including Windows XP, Windows 2003 R2 and Windows 7. I have written a separate post on the EvilFinger blog on the steps to reproduce the attack and a basic analysis of the exploit code. Last week, Google Inc. publicly disclosed that it had been attacked by Chinese [...]
