malware yara rules

/* -------------------------
------ NanoCore ------------
--------------------------- */

rule NanoCoreByName
{
meta:
 author = "@neonprimetime"
 description = "NanoCore"
strings:
 $string0 = "NanoCore Client" nocase
 $string1 = "NanoCore.Client" nocase
 $string2 = "NanoCoreBase" nocase
 $string5 = "NanoCoreSwiss" nocase
 $string6 = "NanoCoreStressTester" nocase
condition:
 1 of them
}

rule NanoCoreByKeyword
{
meta:
 author = "@neonprimetime"
 description = "NanoCore"
strings:
 $string1 = "NanoBrowser" nocase
 $string2 = "NanoScript" nocase
 $string3 = "SurveillanceEx" nocase
 $string4 = "NanoCoreStressTester" nocase
 $string5 = "accident-investigation.aero" nocase
 $string6 = "KeyboardLogging" nocase
condition:
 3 of them
}

/* -------------------------
------ Remcos RAT-----------
--------------------------- */

rule RemcosRATByName
{
meta:
 author = "@neonprimetime"
 description = "Remcos RAT"
strings:
 $string0 = "Software\\Remcos" nocase
 $string1 = "\\remcos\\" nocase
 $string2 = "REMCOS v" nocase
 $string4 = "Remcos_" nocase
condition:
 1 of them
}

rule RemcosRATByKeyword
{
meta:
 author = "@neonprimetime"
 description = "Remcos RAT"
strings:
 $string1 = "Keylogger Started" nocase
 $string2 = "Connected to C&C" nocase
 $string3 = "Screenshots" nocase
 $string4 = "OpenCamera" nocase
 $string5 = "Uploading file to C&C" nocase
 $string6 = "Initializing connection to C&C" nocase
 $string7 = "cleared!]" nocase
 $string8 = "EnableLUA /t REG_DWORD /d 0" nocase
 $string9 = "RemWatchdog" nocase
 $string10 = "restarted by watchdog" nocase
condition:
 3 of them
}

/* -------------------------
------ Revil/Sodinokibi Ransomware-----------
--------------------------- */

rule RevilRansomwareByName
{
meta:
 author = "@neonprimetime"
 description = "Revil/Sodinokibi Ransomware"
strings:
 $string1 = "Sodinokibi" nocase
 $string2 = "For google: Revil" nocase
condition:
 any of them
}


rule RevilRansomwareByKeyword
{
meta:
 author = "@neonprimetime"
 description = "Revil/Sodinokibi Ransomware"
strings:
 $string1 = "decryptor.top" nocase
 $string2 = "nbody" nocase
 $string3 = "bedbg" nocase
condition:
 3 of them
}

/* -------------------------
------ NjRat -------------
--------------------------- */

rule NjRatByKeyword
{
meta:
 author = "@neonprimetime"
 description = "NjRat"
strings:

 $string0 = "vitimas_" nocase

$string1 = "|'|'||'|'|" nocase
condition:

 1 of them
}

/* -------------------------
------ Lokibot -------------
--------------------------- */

rule LokibotByKeyword
{
meta:
 author = "@neonprimetime"
 description = "Lokibot"
strings:
 $string0a = "five/fre.php" nocase
 $string0b = "Panel/five" nocase
 $string1 = "fre.php" nocase
 $string2 = "Yandex\\YandexBrowser" nocase
 $string3 = "\\Mozilla\\SeaMonkey\\profiles.ini" nocase
 $string4 = "POP3 Password" nocase
 $string5 = "Software\\SimonTatham\\PuTTY\\Sessions" nocase
 $string6 = "EasyFTP\\data" nocase
 $string7 = "aPLib v1.01" nocase
 $string8 = "wcx_ftp.ini" nocase
condition:
 $string0a or $string0b or ($string1 and ($string2 or $string3 or $string4 or $string5 or $string6 or $string7 or $string8))
}
/* -------------------------
------ Revenge RAT -------------
--------------------------- */

rule RevengeRATByName
{
meta:
 author = "@neonprimetime"
 description = "Revenge RAT"
strings:

 $string0 = "Revenge-RAT" nocase

condition:

 1 of them
}

rule RevengeRATByKeyword
{
meta:
 author = "@neonprimetime"
 description = "Revenge RAT"
strings:

 $capture1 = "Start Capture" nocase

 $capture2 = "CaptureScreen" nocase

 $dotnet1 = ".NET" nocase

 $agent1 = "FirewallProduct" nocase

 $agent2 = "AntiVirusProduct" nocase

 $exfil1 = "USERDOMAIN=" nocase

condition:

 $dotnet1 and ($capture1 or $capture2) and ($agent1 or $agent2) and $exfil1
}



/* -------------------------
------ BrushaLoader -------------
--------------------------- */

rule BrushaLoaderByKeyword
{
meta:
 author = "@neonprimetime"
 description = "BrushaLoader"
strings:
 $vbe = ".shellexecute" nocase
 $xyzdomain = "xyz" nocase
 $google = "www.google.com" nocase
condition:
 $vbe and $xyzdomain and $google
}


/* -------------------------
------ Agent Tesla -------------
--------------------------- */

rule AgentTeslaByKeyword
{
meta:
 author = "@neonprimetime"
 description = "Agent Tesla"
strings:
 $checkip1 = "checkip.aws" nocase
 $checkip2 = "checkip.amazon" nocase
 $smtpexfil1 = "smtp." nocase
 $smtpexfil2 = ":587" nocase
 $dotnet1 = ".net" nocase
condition:
 ($checkip1 or $checkip2) and ($smtpexfil1 or $smtpexfil2) and $dotnet1
}



/* -------------------------
------ Trickbot ------------
--------------------------- */

rule TrickbotByKeyword
{
meta:
 author = "@neonprimetime"
 description = "Trickbot"
strings:
 $string1 = "serialNumber=" nocase
 $string2 = "emailAddress=" nocase
 $string3 = "/snapshot/" nocase
 $string4 = "Login Data.bak" nocase
 $string5 = "Grab_Passwords_Chrome" nocase
 $string6 = "Dinkumware" nocase
 $string7 = "tablecredit_cards" nocase
 $string8 = "server_addresses" nocase
condition:
 3 of them
}


/* -------------------------
------ Azorult -------------
--------------------------- */

rule AzorultByKeyword
{
meta:
 author = "@neonprimetime"
 description = "Azorult"
strings:
 $string1 = "wallet.dat" nocase
 $string2 = "PasswordsList.txt" nocase
 $string3 = "timeout.exe" nocase
 $string4 = "Wscript.Shell" nocase
 $string5 = "dotbit.me" nocase
condition:
 3 of them
}
/* -------------------------
------ Netwire -------------
--------------------------- */

rule NetwireByName
{
meta:
 author = "@neonprimetime"
 description = "Netwire"
strings:
 $string1 = "SOFTWARE\\NetWire" nocase
condition:
 1 of them
}


/* ------------------------------
  -------- Emotete by Keyword -----
 -------------------------- */

rule EmotetByKeyword
{
 meta:
  author = "@neonprimetime"
  description = "Emotet Keyword"
 strings:
  $string1 = "acquiremailbox.exe" nocase
  $string2 = "fillmailbox.exe" nocase
  $string3 = "inboxmailbox.exe" nocase
  $string4 = "mailboxacquire.exe" nocase
  $string5 = "mailboxinbox.exe" nocase
  $string6 = "mailboxmailbox.exe" nocase
  $string7 = "manualmailbox.exe" nocase
  $string8 = "monthlymailbox.exe" nocase
  $string9 = "pdfmailbox.exe" nocase
  $string10 = "publishmailbox.exe" nocase
  $string11 = "deployinbox.exe" nocase
  $string12 = "inboxinbox.exe" nocase
  $string13 = "inboxnetsh.exe" nocase
  $string14 = "mailboxinbox.exe" nocase
  $string15 = "netshinbox.exe" nocase
  $string16 = "createatargets.exe" nocase
  $string17 = "ducktargets.exe" nocase
  $string18 = "restoretargets.exe" nocase
  $string19 = "sendtargets.exe" nocase
 condition:

   1 of them
}
/* -------------------------
------ Phoenix Keylogger -------------
--------------------------- */

rule PhoenixKeyloggerByName
{
meta:
 author = "@neonprimetime"
 description = "Phoenix Keylogger"
strings:
 $string1 = "Phoenix Keylogger" nocase
condition:
 1 of them
}



/* -------------------------
------ BetaBot -------------
--------------------------- */

rule BetaBotByKeyword
{
meta:
 author = "@neonprimetime"
 description = "BetaBot"
strings:
 $string1 = "OnAsyncDestroy" nocase

 $string2 = "OnDestroySubject" nocase

 $string3 = "OnRemoveExisting" nocase

 $string4 = "ccnumber" nocase
condition:
 all of them
}




/* -------------------------
------ Generic Malware -------------
--------------------------- */

rule GenericDotNetFramework

{

meta:
 author = "@neonprimetime"
 description = "Generic .NET Framework detection"


strings:

 $string1 = ".NETFramework"

condition:
 1 of them

}


rule GenericBitcoinStealer

{
meta:
 author = "@neonprimetime"
 description = "Generic Bitcoin Stealer"
strings:
 $string1 = "wallet.dat" nocase

 $string2 = "\\wallets\\" nocase

 $string3 = "\\Electrum" nocase

 $string4 = "Coins\\" nocase

 $string5 = "\\bitcoin" nocase

 $string6 = "\\monero" nocase

 $string7 = "electrum.dat" nocase

 $string8 = "wallet_path" nocase

condition:

 1 of them

}



rule GenericUPXPacker

{
meta:
 author = "@neonprimetime"
 description = "Generic UpX packet"
strings:
 $string1 = "UPX" nocase

condition:

 1 of them


}



rule GenericAutoItPacker

{
meta:
 author = "@neonprimetime"
 description = "Generic AutoItPacker"
strings:
 $string1 = "AutoIt" nocase

 $string2 = "Auto-It" nocase

condition:

 1 of them


}




rule GenericCreditCardStealer
{
meta:
 author = "@neonprimetime"
 description = "Generic Credit Card Stealer"
strings:
 $string1 = "ccnumber" nocase
 $string2 = "expirationmonth" nocase

 $string3 = "monthexpiration" nocase

 $string4 = "card_number" nocase

 $string5 = "securitycode=" nocase

 $string6 = "=amex" nocase

 $string7 = "=visa" nocase

 $string8 = "cardnumber" nocase

condition:
 1 of them
}

rule GenericWebTraffic
{
meta:
 author = "@neonprimetime"
 description = "Generic Web Traffic"
strings:
 $string1 = "Server: lighttpd" nocase
 $string2 = "Host: %s" nocase
 $string3 = "POST %s" nocase
 $string4 = ".php" nocase
condition:
 1 of them
}

rule GenericNetworkTraffic
{
meta:
 author = "@neonprimetime"
 description = "Generic Network Traffic"
strings:
 $string1 = /\..{2,3}\:\d+/ nocase
condition:

 1 of them
}


rule GenericScheduledTask
{
meta:
 author = "@neonprimetime"
 description = "Generic Scheduled Task"
strings:
 $string1 = "schtasks" nocase
condition:


 1 of them
}



rule GenericDomainFlag
{
meta:
 author = "@neonprimetime"
 description = "Generic Domain Flag from AD"
strings:
 $string1 = "/domain" nocase
condition:


 1 of them
}



rule GenericCreateFlag
{
meta:
 author = "@neonprimetime"
 description = "Generic Create Flag from AD"
strings:
 $string1 = "/create" nocase
condition:


 1 of them
}




rule GenericAddFlag
{
meta:
 author = "@neonprimetime"
 description = "Generic Add Flag from AD"
strings:
 $string1 = "/add" nocase
condition:


 1 of them
}






rule GenericSpamMailer
{
meta:
 author = "@neonprimetime"
 description = "Generic Spam Mailer"
strings:
 $string1 = "SEND FROM:" nocase
 $string2 = ":587" nocase
 $string3 = "smtp." nocase
condition:
 1 of them
}

rule GenericIPLookup
{
meta:
 author = "@neonprimetime"
 description = "Generic IP Lookup"
strings:
 $string1 = "checkip.amazonaws.com" nocase
 $string2 = "check-ip.aws." nocase
  $string3 = "ipecho.net" nocase
condition:
 1 of them
}

rule GenericWebcamAccess
{
meta:
 author = "@neonprimetime"
 description = "Generic Webcam Access"
strings:
 $string1 = "webcam" nocase
 $string2 = "OpenCamera" nocase
 $string3 = "CloseCamera" nocase
condition:
 1 of them
}
rule GenericScreenCapture
{
meta:
 author = "@neonprimetime"
 description = "Generic Screen Capture"
strings:
 $string1 = "CaptureScreen" nocase
condition:
 1 of them
}

rule GenericCredentialStealer
{
meta:
 author = "@neonprimetime"
 description = "Generic Credential Stealer"
strings:
 $string1 = "Profiles\\Outlook" nocase
 $string2 = "Login Data" nocase
 $string3 = "encryptedPassword" nocase
 $string4 = "HTTP Password" nocase
 $string5 = "\\profiles.ini" nocase
 $string6 = "\\POP3 Password" nocase
 $string7 = "PuTTY\\Sessions" nocase
 $string8 = "EasyFTP\\data" nocase
 $string9 = "Ftplist.txt" nocase
 $string10 = "\\Login Data" nocase
 $string11 = "\\ws_ftp.ini" nocase
 $string13 = "\\accounts.ini" nocase
 $string14 = "\\accounts.dat" nocase
 $string15 = "CREATE TABLE logins" nocase
 $string16 = "CREATE INDEX logins_signon" nocase
 $string17 = "DecryptIePassword" nocase
 $string18 = "GetSavedPasswords" nocase
 $string19 = "\\Passwords\\" nocase
 $string20 = "WinSCP 2\\Sessions" nocase
 $string21 = "\\HTTP Password" nocase
 $string22 = "\\IMAP Password" nocase
 $string23 = "\\SMTP Password" nocase
 $string24 = "\\HTTP Password" nocase
 $string25 = "[passwords]" nocase
 $string26 = "login-form" nocase
 $string27 = "recentservers.xml" nocase
 $string28 = "type=passwords" nocase
 $string29 = "user-password" nocase
 $string30 = "PasswordsList.txt" nocase
condition:


 1 of them
}
rule GenericBrowserHistoryStealer
{
meta:
 author = "@neonprimetime"
 description = "Generic Browser History Stealer"
strings:

 $string1 = "from urls" nocase

 $string2 = "from moz_places" nocase

condition:

 1 of them

}


rule GenericDataStealer
{
meta:
 author = "@neonprimetime"
 description = "Generic Data Stealer"
strings:
 $string0 = "\\User Data" nocase
 $string1 = "360Chrome\\" nocase
 $string2 = "7Star\\" nocase
 $string3 = "Cyberfox\\" nocase
 $string4 = "Amigo\\" nocase
 $string5 = "Apple Computer\\" nocase
 $string6 = "BraveSoftware\\" nocase
 $string7 = "CatalinaGroup\\" nocase
 $string8 = "CentBrowser\\" nocase
 $string9 = "Chedot\\" nocase
 $string10 = "Chromium\\" nocase
 $string11 = "Claws-mail\\" nocase
 $string12 = "CocCoc\\" nocase
 $string13 = "Comodo\\" nocase
 $string14 = "Coowon\\" nocase
 $string15 = "CoreFTP\\" nocase
 $string16 = "Elements Browser\\" nocase
 $string17 = "Epic Privacy Browser\\" nocase
 $string18 = "falkon\\" nocase
 $string19 = "Fenrir Inc\\" nocase
 $string20 = "FileZilla\\" nocase
 $string21 = "Flock\\" nocase
 $string22 = "FTPGetter\\" nocase
 $string23 = "Google\\" nocase
 $string24 = "Ipswitch\\" nocase
 $string25 = "Iridium\\" nocase
 $string26 = "K-Meleon\\" nocase
 $string27 = "Kometa\\" nocase
 $string28 = "liebao\\" nocase
 $string29 = "MapleStudio\\" nocase
 $string31 = "Moonchild Productions\\" nocase
 $string32 = "Mozilla\\" nocase
 $string35 = "NETGATE Technologies\\" nocase
 $string36 = "Opera Mail\\" nocase
 $string37 = "Opera Software\\" nocase
 $string38 = "Orbitum\\" nocase
 $string39 = "Pocomail\\" nocase
 $string40 = "Postbox\\" nocase
 $string41 = "Psi\\" nocase
 $string42 = "Psi+\\" nocase
 $string43 = "QIP Surf\\" nocase
 $string45 = "SmartFTP\\" nocase
 $string46 = "Sputnik\\" nocase
 $string47 = "Tencent\\" nocase
 $string48 = "The Bat!" nocase
 $string49 = "Thunderbird\\" nocase
 $string50 = "Torch\\" nocase
 $string51 = "Trillian\\" nocase
 $string52 = "UCBrowser\\" nocase
 $string53 = "uCozMedia\\" nocase
 $string54 = "VirtualStore\\" nocase
 $string55 = "Vivaldi\\" nocase
 $string56 = "Waterfox\\" nocase
 $string57 = "Yandex\\" nocase
 $string58 = "keychain.plist" nocase
 $string59 = "GetSavedCookies" nocase
 $string60 = "wcx_ftp.ini" nocase

$string61 = "Start Capture" nocase
 $string62 = "\\accounts.xml" nocase
 $string63 = "\\places.sqlite" nocase
 $string67 = "cookies.sqlite" nocase
condition:
 1 of them
}


rule GenericDeletesItself
{
meta:
 author = "@neonprimetime"
 description = "Generic Deletes Itself"
strings:
 $string1 = "DEL /s" nocase
 $string2 = "cmd /c del" nocase
 $string3 = "deleteSelf" nocase
 $string4 = "/c del %s" nocase
 $string5 = "%del" nocase
 $string6 = "& del" nocase
condition:


 1 of them
}




rule GenericMaliciousCommand
{
meta:
 author = "@neonprimetime"
 description = "Generic Malicious Command"
strings:
 $string1 = "CompSpec" nocase
condition:


 1 of them
}



rule GenericKeylogger
{
meta:
 author = "@neonprimetime"
 description = "Generic Keylogger"
strings:
 $string1 = "Keylog" nocase
 $string2 = "KeyboardLogging" nocase
 $string3 = "[Enter]" nocase
 $string4 = "[Ctrl + C]" nocase
 $string5 = "[Ctrl + V]" nocase
condition:
 1 of them
}



rule GenericDelay
{
meta:
 author = "@neonprimetime"
 description = "Generic Delay"
strings:
 $string1 = "ping 192" nocase
 $string2 = "ping 127" nocase
condition:
 1 of them
}
rule GenericSecurityToolDetection
{
meta:
 author = "@neonprimetime"
 description = "Generic Security Tool Detection"
strings:
 $string1 = "FROM FirewallProduct" nocase
 $string2 = "from AntiVirusProduct" nocase
condition:
 1 of them

}

rule GenericDisableAntivirus
{
meta:
 author = "@neonprimetime"
 description = "Generic Disable AntiVirus"
strings:
 $string1 = "DisableBehaviorMonitoring" nocase
 $string2 = "DisableOnAccessProtection" nocase
 $string3 = "DisableScanOnRealtime" nocase
 $string4 = "DisableRealtimeMonitoring" nocase
 $string5 = "DisableBlockAtFirstSeen" nocase
 $string6 = "DisableIOAVProtection" nocase
 $string7 = "DisableAntiSpyware" nocase
 $string8 = "DisableArchiveScanning" nocase
 $string9 = "DisableScriptScanning" nocase
 $string10 = "Set-MpPreference" nocase
condition:
 1 of them

}
rule GenericFirewallModification

{
meta:
 author = "@neonprimetime"
 description = "Generic Firewall Modifiction"
strings:
 $string1 = "netsh advfirewall" nocase
 $string2 = "firewall add" nocase
condition:
 1 of them

}


rule GenericPHPPanel
{
meta:
 author = "@neonprimetime"
 description = "Generic PHP Panel"
strings:

 $string1 = "/gate.php" nocase

 $string2 = "/fre.php" nocase

condition:

 1 of them

}

rule GenericBase64

{
meta:
 author = "@neonprimetime"
 description = "Generic PHP Panel"
strings:

 $string1 = /\=\=\r\n/ nocase

condition:

 1 of them

}



rule GenericDynamicDns


{
meta:
 author = "@neonprimetime"
 description = "Generic Dynamic DNS"
strings:

 $string1 = ".duckdns.org" nocase

condition:

 1 of them

}

rule GenericVisualBasicScript
{
meta:
 author = "@neonprimetime"
 description = "Generic Visual Basic Script"
strings:
 $string1 = ".shellexecute" nocase
 $string2 = "shell.application" nocase
 $string3 = "Wscript.Sleep" nocase
 $string4 = "ExecuteGlobal" nocase
 $string5 = "Shell.run" nocase
 $string6 = "Scripting.FileSystemObject" nocase
 $string7 = ":::const " nocase
 $string8 = "vbscontent" nocase
 $string9 = "Execute(" nocase
 $string10 = "ChrW(48) & ChrW(" nocase
 $string11 = "ChrW(48)&ChrW(" nocase
condition:
 1 of them
}

rule GenericHackerTerms
{

meta:
 author = "@neonprimetime"
 description = "Generic Hacker Terms"
strings:
 $string1 = "payloadpath" nocase
 $string2 = "payloadexist" nocase

condition:
 1 of them

}

rule GenericAntiDebug
{
meta:
 author = "@neonprimetime"
 description = "Generic Anti Debug techniques"
strings:
 $string1 = "CheckRemoteDebuggerPresent" nocase
condition:
 1 of them

}


rule GenericTor
{
meta:
 author = "@neonprimetime"
 description = "Generic Tor Dark Web"
strings:
 $string1 = "torproject.org" nocase
 $string2 = ".onion" nocase
 $string3 = "TOR browser" nocase
 
condition:
 1 of them

}


rule GenericPasswordList
{
meta:
 author = "@neonprimetime"
 description = "Generic Password List"
strings:
 $string1 = "peternorth" nocase
 $string2 = "motherfucker" nocase
 $string3 = "pimpdaddy" nocase
 $string4 = "ihavenopass" nocase
 $string5 = "fuckoff" nocase
 $string6 = "dickhead" nocase
 $string7 = "passw0rd" nocase
 $string8 = "changeme" nocase
condition:
 1 of them

}

rule GenericUserAgent

{

 meta:

  author = "@neonprimetime"
  description = "Generic User Agents oddities"

 strings:
  $string1 = "User-Agent: curl" nocase

  $string2 = "User-Agent: wget" nocase

 condition: 

  1 of them

}

rule GenericWebServer

{

 meta: 

  author = "@neonprimetime"

  description = "Generic Web Server info"

 strings: 

  $string1 = "nginx"

  $string2 = "apache"

 condition:
  1 of them

}

XSS Flaws lead to Keylogging,Webcams, & more

I've enjoyed talking about XSS many times on this blog. Today is another one of those days! We're going to bring it hopefully full circle this time. First just as a heads up I'm working in my VM environment with networking configured like this to have a Kali linux box with Apache Web Server and also with BeEF and a windows 7 box with chrome.

Let's say a developer wrote a vulnerable PHP user page on his goodsite.com with this line of code. It's vulnerable to XSS because it's just echoing the user-controlled input back to the screen. This can be really bad as we'll see in a minute.

echo sprintf("User: %s", $_GET['userid']);

Now an evil attacker may swoop in, discover this flaw, and try to get one of your users of the website to click on a link that looks like this



Notice the javascript that tries to load a hook.js file from an evil site. We'll get to what that is later. First you should know that by default Chrome and many modern browsers actually would've saved your life already. Chrome's XSS auditor would've caught this and silently blocked it. You can see this if you view source and find the red highlighted text.



But let's say I was running an older insecure browser, the vulnerability was actually somewhere else and Chrome didn't catch it, or I'm evil and know how to evade the XSS Auditor, or I simply disabled the xss auditor feature (don't do this) in chrome like below.



Then truly bad things will happen as you see below. The evil attacker got my end user to go to my goodsite, but per the Chromes developer tab (F12) I'm able to see that even though my good page loaded, in the background, something else more evil loaded. A hook.js file from evilsite.com which came from the XSS injection of the script src tag. In addition, notice that the hook.js isn't done yet. It's actually created persistence. It's now running over and over every few seconds. This looks bad.



Over on the BeEF console the attacker probably sees some log like this showing him that you've joined his party



And at his disposal he can do whatever he wants as long as your browser and plugin versions support it including evil stuff like enabling your webcam



Or if you happen to type in a password or credit card



He's going to see that as well



One thing I found really cool about BeEF is that you can view all the javascript code behind the scenes making these hooks, keylogging, etc. work is all write there for you to view.



So if you're like me and have a background in web development as a good guy, then you can figure out exactly what code some of the bad guys are taking advantage of.

And finally I'll harp on it again, if you're a web developer, hopefully this blog post gives you another good reason to take XSS flaws seriously for the sake of your end user.

More about neonprimetime

• neonprimetime pastebin
• neonprimetime virustotal
• @neonprimetime twitter
• neonprimetime reddit

Top Blogs of all-time

1. pagerank botnet sql injection walk-thru
2. php injection ali.txt walk-thru
3. php injection exfil walk-thru

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.