Friday, June 3, 2016

Deofuscating Exploit Kit Iframe

Got an alert on a exploit kit redirect, went into the PCAP via wireshark and did export HTTP Objects and got this malicious exploit kit redirect code. After modifying it slightly and running my analysis code (changed the eval and cookie setting statements into console.log statements) I was able to extract this malicious redirect code which when all the above is executed generates this single DIV tag with a malicious iframe

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. php injection ali.txt walk-thru

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment