Tag Archives: exploit kit

Converter Updated

The latest version includes several new features which I’d like to highlight here. Enhanced Range Search/Replace: The feature can be found by going to this menu item under Tools. You can now add incrementers as a text replacement as seen …

Posted in Malscript, Tools

Reversing RIG EK’s Flash File

VirusTotal is showing 0 out of 51 for RIG EK’s SWFIE exploit (MD5: 65AFF3A3774298B3ED5BA2C43F8A1979). Here’s a really quick overview on how to reverse this exploit file so we can determine which vulnerability it’s using. This method can also be used …

Posted in Exploit Packs, Malscript, Tools

RIG Exploit Pack

A new exploit pack has been marketed in the underground since last month and appears to be picking up some steam. The new pack is called RIG and touts the following exploits: Java – CVE-2012-0507, CVE-2013-2465; IE 7/8/9 – CVE-2013-2551 …

Posted in Exploit Packs

8×8 Script Leads to Infinity Drive-By

The “8×8” script I’m referring to includes a link that looks like this: hxxp://www.example .com/JB3xd6iX.php?id=87342871 And can be detected using a regular expression that looks something like this: /^.*\/[a-z0-9A-Z]{8}\.php\?id=\d{8}$/ One set of links redirects users to social engineering scams (e.g. …

Posted in Exploit Packs, Malscript

Pinpointing Malicious Redirects

Cybercriminals are constantly thinking up new ways to redirect unsuspecting visitors to their drive-by landing page. The guys over at Sucuri often find really interesting redirects that they’ve come up with. What I have been doing lately is documenting these …

Posted in Exploit Packs, Malscript, Tools