Hello All,
I have published a new blog post analyzing the encrypted shellcode from
the main CVE-2014-0502 attack:
http://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0…
It goes through some functionality of the malicious Flash file followed
by analysis of the shellcode used within the encrypted GIF.
This attack's particular use of a malicious Flash file along with an
"encrypted" GIF shows some of the complexity of modern attacks, and
highlights the diverse set of skills needed to analyze the attacks
(Flash reversing, binary shellcode reversing, and understanding
exploitation techniques, such as ROP, ASLR bypass, etc.). This
particular attack was also noticeable because of how many different
companies published public research on it (I have references in the blog).
I hope that you enjoy the blog post and potentially learn something from
it. I am happy that my anonymous friend allowed me to publish the research.
--
Thanks,
Andrew (@attrc)