This is a fairly trivial item, but I haven’t posted in a good long while so I thought I’d drop off 5 lines of JS and pretend it’s something.

Many of you have by now made use of Greasemonkey to add functionality or alter webpages on-the-fly.  Since it’s release in 2005 Greasemonkey has been a friend to anyone wanting to control the way their user experience works.  That said, I tend to forget all about it and have written only a handful of scripts.

My reasons:

1. Lazy
2. Weak JavaScript Fu
3. Not annoyed by issue quite enough
4. See item 1.

So, nist.gov provides a handy CVSSv2 calculator available @ http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2.  The calculator works fine (or at least as well as the scoring system and provides the user with a shortened form of the values used to calculate the score.  A not so obvious fact is that it is possible to pass this shortened form to the calculator using the vector= parameter to dynamically load the values.
Read more…

Code cvssv2, greasemonkey, javascript

Recently I’ve decided to pull my ‘pdf_plus_js.pl‘ perl script out of retirement and repurpose it for fuzzing javascript functions in PDFs.  With some very minor tweaks we can loop through arrays of fuzz data and multipliers to quickly generate decent samples of PDFs to test with.

This started as a pretty nasty hack.  I’m not above saying so.  Hold on to your peanuts though, it gets nastier.

Read more…

Code 0day, adobe, javascript

Walk with me.  Let me rap unto you a little story about how an AV detection might go.  So, your AV makes a good detection on a suspect file.  Unbelievable already right?  Say it does, but it’s using a heuristics engine and not it’s typical signature definitions.

For Symantec these heuristics are Bloodhound and files that are flagged usually get some name such as ‘Bloodhound.exploit.somenumber’.

So, is this it?  Leave it and move on to the next thing that will burn up the day?  It doesn’t have to be. Let’s dig deeper. Read more…

Anti-malware adobe, javascript, malware, pdf