Latest Internet Explorer 0-day Vulnerability Demo

Most of you have already heard or know about the latest 0-day vulnerability affecting Microsoft's Internet Explorer. In the video demo below, i show you how to perform the attack on a demo lab network. As always this video is for tutorial and educational purposes only. I am also providing the original advisory from Microsoft and the vulnerability information from Secunia and Security Focus which both are considered to be leaders in providing vulnerability advisories.

Microsoft Advisory: http://www.microsoft.com/technet/security/advisory/981374.mspx
BID: http://www.securityfocus.com/bid/38615
Secunia ID: http://secunia.com/advisories/38860

For any questions, comments, or recommendations; leave it in the comments section below.

Comments

Post a Comment

Popular posts from this blog

A Quick Dip into MuddyWater's Recent Activity

Image
INTRODUCTION Since my last blog-post  on MuddyWater operations, they seem to have been continuing their activities and as expected developing/changing some of their tactics and techniques. It is still apparent their heavy focus on layered obfuscation and preference for PowerShell. However, I will highlight what changed based on the sample that I will be analyzing. This started with the sample "idrbt.doc " -  009cc0f34f60467552ef79c3892c501043c972be55fe936efb30584975d45ec0  uploaded to VT on February 27, 2017. IDRBT stands for Institute for Development and Research in Banking Technology which according to Wikipedia is an institution exclusively focused on Banking Technology. Established by the Reserve Bank of India (RBI) in 1996, the Institution works at the intersection of Banking and Technology. It is located in Hyderabad, India. Right from carrying out cutting-edge Development and Research, enabling creation of technology infrastructure to moulding the technolog
Read more

POWERSING - FROM LNK FILES TO JANICAB THROUGH YOUTUBE & TWITTER

Image
INTRODUCTION This post will discuss an ongoing campaign that have been operational since at least August 2017 . The post will look into the delivery of the malware, some analysis on the payload, and some additional insights in relation to the campaign. It is by no means a full in depth analysis of the malware and all it's functionality.  LAWYER UP!! This all started with a tweet by the AWESOME Jacob Soo ( @_jsoo_ ) whom I recommend you go and follow if you are interested in analyzing malware and tracking different threat actors. The sample is a ZIP file titled "Dubai_Lawyers_update_2018.zip" and the archive contains two LNK files that are perpetrating to be PDF files. The actors in this case borrowed couple of files from the British Embassy site and used them as decoy documents to lure victims into believing that these files are in fact legitimate. https://assets.publishing.service[.]gov.uk/government/uploads/system/uploads/attachment_data/file/754075/
Read more

PRB-Backdoor - A Fully Loaded PowerShell Backdoor with Evil Intentions

Image
INTRODUCTION The great people at ClearSky  reached out to me a couple of days ago regarding a sample that they suspected could be related to MuddyWater.  They suspected so because the sample had some similarities with the way MuddyWater lures look like and some similarities in some PowerShell obfuscation, in specific the character substitution routine. MuddyWater Sample New Sample However, after analyzing the sample and investigating it more, I was able to showcase that this is indeed something different but nonetheless interesting. This blog is a walk through my analysis and will highlight initial insights into this potential attack. THE SAMPLE - FROM AIRMILES TO MACRO CODE TO POWERSHELL The sample that was shared with me is a macro laced word document called "Egyptairplus.doc " with an MD5 hash of  fdb4b4520034be269a65cfaee555c52e .  The macro code contains a function called Worker() which calls multiple other functions embedded in the document to u
Read more