Category: Confiant – Medium

The Curious Case Of MutantBedrog’s Trusted-Types CSP Bypass

MutantBedrog is a malvertiser that caught our attention early summer ’04 for their highly disruptive forced redirect campaigns and the unique JavaScript payload that they use to fingerprint devices and dispatch invasive redirections. While a comprehensive report on MutantBedrog’s TTPs…

ScamClub’s Deceptive Landing Pages

Recently, I was involved in publishing Confiant’s ScamClub: Threat Report Q1-Q2 2023. During our investigation into this malvertising threat, we found ScamClub utilizing RTB integration with ad exchanges to push bid responses upstream to forcefully redirect the victim’s browser from…

Malvertiser Makes the Big Bucks on Black Friday

The DatalyMedia Cookie Dragon (source: MidJourney) Confiant’s broad coverage in ad tech gives us visibility on some of the darkest corners of the ecosystem. We are strong believers that to truly fight malvertisers, we have to understand their motives. Sometimes…

CashRewindo: How to age domains for an investment scam like fine scotch

Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker. In Internet parlance, “old” has a much younger meaning — domains, virtual servers, image assets — everything is now or never. So much so that many security vendors rely heavily…

A Whirlwind Tour Of Crypto Phishing

The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption. “Web3”, “DeFi”, and “NFT” have become household terms and the sector is growing so fast…

Malvertising: Made in China

Image via Pixabay (creative commons). Two loosely related cybercrime groups operating scores of fake ad agencies from China are so deeply embedded in the ad tech industry that they can launch attacks that…

Internet Explorer CVE-2019–1367 Exploitation — part 3

Shellcode Analysis: Extracting the shellcode of the Magnitude Exploit Kit. After successful exploitation of CVE-2019–1367, malicious Magnitude Exploit Kit shellcode instructions are executed. The first stubs are a simple shellcode loader…

Internet Explorer CVE-2019–1367 In the wild Exploitation — prelude

Photo by Darius Bashar on Unsplash. CVE-2019–1367 background and in-the-wild exploitations: There are some important aspects to know about CVE-2019–1367 before diving into…

Internet Explorer CVE-2019–1367 Exploitation — part 1

Extracting the Exploit from the PCAP: In this section we will go through the process of extracting the exploit from the pcaps generously provided by malware-traffic-analysis. Luckily for…

Internet Explorer CVE-2019–1367 Exploitation — part 2

In Part 1 we explained the root cause of the CVE-2019–1367 vulnerability. In this part we will discuss how this bug was exploited in the wild to achieve code execution. We…