PaulDotCom mailing list archives
[Security Weekly] Building a Decoder for the CVE-2014-0502 Shellcode
From: Andrew Case <atcuno () gmail com>
Date: Tue, 08 Apr 2014 08:32:59 -0500
Hello All,

I have published a new blog post analyzing the encrypted shellcode from the main CVE-2014-0502 attack:

http://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html

It goes through some functionality of the malicious Flash file followed by analysis of the shellcode used within the encrypted GIF. This attack's particular use of a malicious Flash file along with an "encrypted" GIF shows some of the complexity of modern attacks, and highlights the diverse set of skills needed to analyze the attacks (Flash reversing, binary shellcode reversing, and understanding exploitation techniques, such as ROP, ASLR bypass, etc.). This particular attack was also noticeable because of how many different companies published public research on it (I have references in the blog).

I hope that you enjoy the blog post and potentially learn something from it. I am happy that my anonymous friend allowed me to publish the research.

--
Thanks,
Andrew (@attrc)