Tuesday, May 14, 2013

At PHDays 2013 I will speak about dynamic detection of shellcode in electronic documents

At PHDays 2013 FastTrack I will speak about dynamic detection of shellcode in electronic documents

The past few years have seen frequent use of e-mail messages carrying electronic documents that contain exploits. Attackers use this technique to enlarge botnets or to spy on the industrial secrets of an organization. The report will describe dynamic detection of shellcode in electronic documents without signature analysis, to enhance the security of employees engaged in document flow. A zero-day vulnerability detected in Yandex.Browser will be used to demonstrate how use of the software can decrease the incident response time spent by a company's information security service.

My talk will be in Russian, but I'll try to make the slides in English.


My talk is based on this article (in Russian)

We tested our program on:
More than 20 000 *.pdf files (opened in Adobe Reader 9-11, Foxit Reader 3-6, Google Chrome, Yandex.Browser)
More than 10 000 *.doc, *.docx, *.rtf files (opened in MS Word 2003, 2007, LibreOffice 4.0)
OS: Win XP, Win 7

We've found:

Some APT attacks using known CVEs (CVE-2012-0158 and some others) for MS Word 2003, 2007

A vulnerability in Yandex.Browser (it should be fixed in the latest version, but I haven't checked it at this time)

Many crashes in many programs, which we are still researching.

Original message in Russian

Thursday, January 10, 2013

Russian researcher found a 0day vulnerability in Firefox 18 and Opera 12.12


An attacker can read an arbitrary file on the victim's host. The vulnerability does not depend on the OS type; it should work on Windows, Linux, etc.

The researcher described a social-engineering way to use this vulnerability. The attacker gives the victim a link. The victim must save the malicious HTML page to the local computer and then open the saved page in their browser (Firefox or Opera).