IIS Level SQL Injection Prevention

  • Posted on: 3 September 2015
  • By: siteadm

It has been long time since my last post, I have been really busy these days. But I hope this nice post would compensate for days I didn't post anything. So this post has a back story, but again, I can not go in detail, can not name any particular application or company. So I won't be disclosing any information regarding the case, but I will do my best to explain the situation.

Poor Man's Unbreakable Encrypted TCP Tunnel

  • Posted on: 7 March 2015
  • By: siteadm

Since it has been long time I didn't write something, I decided to find something to write about. I was planning to write about one of my findings while I was doing some penetration testing for a customer. I found an interesting vulnerability in a ColdFusion written web site of the client, it took me quite some time to successfully gain full control of the server by leveraging the bug. This portal was in use for long time and a lot of people have tested it and checked it for vulnerabilities, but it seems that all of them missed my finding.

Supreme Leader's Not-That-Supreme Malwares

  • Posted on: 14 January 2015
  • By: siteadm

Recently while surfing Reddit, I came across this beautiful subreddit which is dedicated to NK. While reading "mind blowing" miracles of the Supreme Leader, I clicked on several links, one link led to another and during my visits to several NK web sites, I came across the Korean Central News Agency of DPRK. Just by taking a look at very top of the HTML source code of homepage, I saw this code:

CVE-2014-4113 Detailed Vulnerability and Patch Analysis

  • Posted on: 24 October 2014
  • By: siteadm

As you might have heard, Microsoft recently patched some vulnerabilities; vulnerabilities related to Sandworm CVE-2014-4114 (Powerpoint exploit) and font parsing (CVE-2014-4148). But in this article, I'm more interested to talk about CVE-2014-4113, which is a local kernel vulnerability that successful exploitation would give you SYSTEM access.

Building Ultimate Anonymous Malware Analysis and Reverse Engineering Machine

  • Posted on: 17 October 2014
  • By: siteadm

In this article, I'll show you my malware analysis environment and setup. I have to say that all software and configurations written in this article are totally my personal preference, this is my configuration and I like it, but please don't hesitate to share your ideas. So I'll start from very beginning: OS installation.

FinFisher Shell Extension and Drivers Analysis

  • Posted on: 14 October 2014
  • By: siteadm

Analysis of Finfisher shell extension which is basically a keylogger DLL, driverw.sys file which they use for MBR modifications (in case \\.\PhysicalDrive0 wasn't accessible from user-mode) and mssounddx.sys which is in direct communication with MBR code and used to create thread and inject code into user-mode processes.

FinFisher Malware Analysis - Part 2

  • Posted on: 2 October 2014
  • By: siteadm

In previous post, I fully analyzed dropper part of FinFisher malware. In this post, I'll share with you details of FinFisher malware main component which I got it from the dropper. This part is also as interesting as dropper part and does have several techniques and tricks, but as far as I know, again, most of them was already known and used in other malwares, but I might be wrong. So stay tuned for a another very detailed step by step analysis.