Xanda's Blog !~!

IronFox

Jun 15

IronFox is Firefox in a sandbox, or more correctly, an application shell script wrapper that starts Firefox in a sandbox. The policy is bundled within the app, should there be any desire to inspect the policy before use.

The goal of the policy is to let the user browse the web without interference while still protecting the user's privacy and system integrity from vulnerabilities that may exist in Firefox or its plugins. The only restrictions that IronFox places on the user are that downloads and uploads may only reside in the user's download directory, and that IronFox itself cannot launch any other applications.

Read more HERE

Yara Rule for CVE-2010-1297

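Jun 11

rule FlashNewfunction: decodedPDF
{
   meta:
      ref = "CVE-2010-1297"
      hide = true
      impact = 5
   strings:
      // JavaScript unescape() call, any letter case, as a whole word
      $unescape = "unescape" fullword nocase
      // a single %uXXXX escape (16-bit value written as four hex digits)
      $shellcode = /%u[A-Fa-f0-9]{4}/
      // five %uXXXX escapes back to back
      $shellcode5 = /(%u[A-Fa-f0-9]{4}){5}/
      // PDF object that declares a Flash subtype
      $cve20101297 = /\/Subtype ?\/Flash/
   condition:
      // Flash object plus either unescape() with one escape, or five escapes in a row
      ($unescape and $shellcode and $cve20101297) or ($shellcode5 and $cve20101297)
}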
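
The condition of the rule above, reproduced in Python as an added example (not part of the original post) so that its two branches can be checked against constructed, inert samples. The lookaround used to model YARA's fullword modifier, the function names and all sample strings are assumptions of this example.

```python
import re

# Python equivalents of the rule's four strings. Assumption: YARA's
# "fullword" is modelled as "not adjacent to an alphanumeric character".
UNESCAPE = re.compile(rb"(?<![A-Za-z0-9])unescape(?![A-Za-z0-9])", re.I)
SHELLCODE = re.compile(rb"%u[A-Fa-f0-9]{4}")
SHELLCODE5 = re.compile(rb"(%u[A-Fa-f0-9]{4}){5}")
FLASH = re.compile(rb"/Subtype ?/Flash")


def evaluate(data: bytes) -> dict:
    """Report which strings hit and whether the rule condition holds."""
    hits = {
        "unescape": bool(UNESCAPE.search(data)),
        "shellcode": bool(SHELLCODE.search(data)),
        "shellcode5": bool(SHELLCODE5.search(data)),
        "flash": bool(FLASH.search(data)),
    }
    # Same boolean expression as the rule's condition section.
    hits["match"] = (
        (hits["unescape"] and hits["shellcode"] and hits["flash"])
        or (hits["shellcode5"] and hits["flash"])
    )
    return hits


# Constructed samples (inert text, not taken from any real document).
SAMPLES = {
    "flash_only": b"<< /Type /Annot /Subtype /Flash >>",
    "unescape_one_escape": b"<< /Subtype/Flash >> var s = UnEscape('%u4141');",
    "five_escapes_no_unescape": b"/Subtype /Flash %u4141%u4242%u4343%u4444%u4545",
    "four_escapes_no_unescape": b"/Subtype /Flash %u4141%u4242%u4343%u4444",
    "escapes_without_flash": b"unescape('%u4141%u4242%u4343%u4444%u4545')",
    "not_fullword": b"/Subtype /Flash myunescape2('%u4141')",
}


def run_samples() -> dict:
    """Map each constructed sample name to the rule verdict."""
    return {name: evaluate(data)["match"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, matched in run_samples().items():
        print(f"{name:26} {'MATCH' if matched else 'no match'}")
```

The last three samples show where the rule stays silent: fewer than five consecutive escapes without unescape, escapes with no Flash object, and unescape embedded in a longer identifier.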

Yara Rule for CVE-2010-1885

Jun 11

rule HelpSupportCenter
{
   meta:
      ref = "CVE-2010-1885"
      hide = true
      impact = 5
   strings:
      // hcp:// URL followed by 90 occurrences of '%' or '%u' plus one to four characters in A-F
      $cve20101885 = /hcp:\/\/.*?(%u?[A-F]{1,4}.*?){90}/
   condition:
      all of them
}

257 Israel Websites Defaced

Jun 02

Total notifications: 257, of which 81 single IP and 176 mass defacements

Most of them criticize Israel's attack on the Gaza aid ship

Details: Zone-h

*UPDATE*

2nd June: Total notifications: 664, of which 94 single IP and 570 mass defacements