Author Archives: darryl

Wild Wild West – 07/2014

Added the following packs: RIG Exploit Kit; Niteris aka “CottonCastle”; “Snet”. Special thanks to Kafeine for his valuable input.

Posted in Exploit Packs

Reversing a PHP Script Dynamically and Statically

A reader sent me two PHP scripts because the PHP Converter program I wrote wasn’t able to handle them. They are both similar so I’ll just work on one of them in this post. Here’s what it looks like: And …

Posted in Malscript, Tools

Deobfuscating PHP Scripts

Occasionally people send me PHP scripts and ask me to help analyze them. Most of the time, it’s simply unescaping the script and finding the right variable to echo. I got two tricky ones within the past couple of months and finally …

Posted in Malscript, Tools

Reversing RIG EK’s Flash File

VirusTotal is showing 0 out of 51 for RIG EK’s SWFIE exploit (MD5: 65AFF3A3774298B3ED5BA2C43F8A1979). Here’s a really quick overview on how to reverse this exploit file so we can determine which vulnerability it’s using. This method can also be used …

Posted in Exploit Packs, Malscript, Tools

RIG Exploit Pack

A new exploit pack has been marketed in the underground since last month and appears to be picking up some steam. The new pack is called RIG and touts the following exploits: Java – CVE-2012-0507, CVE-2013-2465; IE 7/8/9 – CVE-2013-2551 …

Posted in Exploit Packs