If at first you don't succeed; call it version 1.0
Sunday, October 15, 2006

Exploits for browser vulnerabilities are here to stay.
Most security products today use reactive methods (signatures) that detect a specific exploit, instead of trying to detect the general case of the vulnerability being exploited. Evading those signatures is very easy, as I already showed.

The methods I presented were simple and very specific to the VML vulnerability. H.D. Moore has implemented some of these methods in his Metasploit VML exploit module. Others were implemented in old browser exploit modules, like the createTextRange exploit module.

H.D. Moore, LMH, and I have decided to generalize the evasion methods and package them all into one project.

Introducing: VoMM (eVade-o-Matic Module for Metasploit) - Taking browser exploits to the next level.

The purpose of this project is to create a module for Metasploit that will take any given browser exploit and make it as undetectable as possible.

Currently, most antivirus signatures rely on "variants": any little change in the malicious code is considered by the AV to be a new variant.
The VoMM project shows that this procedure cannot be applied to browser exploits, as each exploit can have an endless number of "variants" with no change to the server-side code.

More detailed information about the VoMM project, and the evasion techniques that were implemented, can be found in LMH's info-pull blog.   


Sunday, October 15, 2006 3:14:51 PM UTC | Comments [5] | Security#
Wednesday, October 11, 2006

I've just transferred my domain and hosting to GoDaddy. They seem very nice, and have some good domains/hosting deals.

I also decided to upgrade my dasBlog version to 1.9, which supports a redirection of RSS to feedburner.

So, from now on all my RSS feeds are automatically redirected to my feedburner's account. No need to change your subscription.

Comments, suggestions or flames about the recent changes are more than welcome :)


Wednesday, October 11, 2006 10:24:04 PM UTC | Comments [2] | General#
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.