Get2092708251.doc
This post attempts to describe the approach to reverse engineering a malicious Microsoft Word document found on hybrid-analysis.com.
Recent Posts
ASPack manual unpacking
This post attempts to describe the approach to manual unpack a sample program packed using the ASPack packer.
Manual analysis of Downloader.CUZ malware - rsrc Section
Downloader.CUZ malware performs multiple actions. I describe how it uses Portable Executable format to store an arbitrary file.
Buffer overflow exploit in EasyCom for PHP 4.0.0.29 (CVE-2017-5358)
Stack-based buffer overflows in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via a crafted input.
Does this decryptor really decrypts my files?
A story of my last week before the summer holiday and a malware.
MS14-059 - Analysis and POC
A quick review about MS14-059. A security update that resolves a publicly disclosed vulnerability in ASP.NET MVC.
Roundcube Webmail Virtualmin Privilege Escalation (CVE-2017-8114)
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. T...
Crash in FastStone MaxView 3.1 (CVE-2017-6078)
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize...
Multiple vulnerabilities in Joomla Event Manager 2.1.4
A couple of security issues in Joomla Event Manager plugin, JEM 2.1.4.