Friday, June 3, 2016

Deofuscating Exploit Kit Iframe

Got an alert on a exploit kit redirect, went into the PCAP via wireshark and did export HTTP Objects and got this malicious exploit kit redirect code. After modifying it slightly and running my analysis code (changed the eval and cookie setting statements into console.log statements) I was able to extract this malicious redirect code which when all the above is executed generates this single DIV tag with a malicious iframe


More about neonprimetime


Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. php injection ali.txt walk-thru


Top Github Contributions
  1. Qualys Scantronitor 2.0


Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment