Monthly Archives: November 2010

Bypassing XSS Filters

Testing web applications can be a frustrating experience, especially when you keep seeing the same developer mistakes over and over again. In one of the web apps I recently tested, the developer was not sanitizing user input the right way. … Continue reading

Posted in XSS

Malicious JavaScript Analysis

Hackers rely on JavaScript like a carpenter relies on his hammer. JavaScript is used in exploits, XSS, drive-by downloads, etc. It is also used to redirect users to a malicious website. The following malicious JavaScript came in with email as … Continue reading

Posted in Malscript

New Russian Exploit Kit

On the eve of Thanksgiving Day, I followed the trail of a drive-by exploit which led me to a new, yet-to-be-named exploit kit. It’s in Russian but I think you can make a few things out. This site is located … Continue reading

Posted in Exploit Packs

Bleeding Life Exploit Pack

I came across a new exploit pack called “Bleeding Life”. This one has six exploits at its disposal and costs $200 in the underground. As you can see, it only focuses on Acrobat, Flash, and Java vulnerabilities which has a … Continue reading

Posted in Exploit Packs

ZeuS…Alive and Well

Despite reports that the ZeuS author is getting out of the scene, hackers will probably use the ZeuS kit for a while. Without support, ZeuS won’t be getting new features like Zitmo to keep up with banking defenses, but ZeuS can … Continue reading

Posted in Crimeware