Xanda - blog.xanda.org - Xanda's Blog !~!
General Information:
Latest News:
In response to ISC Diary’s “an epidemic of typo squatting” 13 May 2013 | 08:04 pm
I’ve been monitoring placeholder and typo squatting domains for few months now, and I’ve read a write-up on ISC diary on “Is there an epidemic of typo squatting?”. There are a few conclusions that I c...
Detecting counter.php – The BlackHole Redirector 5 Apr 2013 | 01:05 pm
Have you ever came across the following line of code injected to your (or you visited) website If I get it correctly, it is the BlackHole Exploit Kit redirector. The pattern for this “counter.php” i...
RedKit Redirector Injected into Legitimate JavaScript Code 14 Feb 2013 | 09:32 pm
Hi, Nothing special and interesting but just to share some (old) info on this topic I’ve read Sophos’s blog post yesterday on “Malware injected into legitimate JavaScript code on legitimate websites...
Yara Detection for Java Applet JMX Remote Code Execution (CVE-2013-0422) 12 Jan 2013 | 02:47 pm
Hi It’s a bit to late for me to write this, but at least CVE-2013-0422 is no longer a secret.. and yes I can share some yara rule for this Anyway, thanks to @kafeine for the disclosure and thanks to...
RedKit Patterns – Additional Info to @fknsec Writeup 12 Dec 2012 | 06:23 am
It’s been a while since the last time I logged in into my WordPress. I’ve jumped on BlueCoat System‘s bandwagon (and left MyCERT earlier), so I’ve to spent some time to make myself familiar with this ...
Android Emulator Error on Ubuntu 64bit 2 Aug 2012 | 11:56 am
SDL init failure, reason is: No available video device If you are getting the above error while launching Android emulator on 64bit OS, these are what you need to do: sudo apt-get update sudo apt-get ...
PHP 5.4.3 (cli) Code Read Vulnerability? 15 Jun 2012 | 11:40 pm
As posted on http://1337day.com/exploits/18605, cheki claimed that PHP 5.4.3 is vulnerable to code read vulnerability, where the PHP interpreter will fail to execute the file once ‘~’ symbol added to ...
Default SCADA Ports 14 Jun 2012 | 05:16 pm
Just re-mirror for http://pastebin.com/EwCibKgc
Fixing pcre++ looping bug in Macports 30 May 2012 | 02:57 pm
I’ve updated my Macports to version 2.1.1 and out of sudden, the following error/warning occur: This is due to the pcre++ is now replaced with pcrexx package. As for the quick solution for this: In ...
Installation of Thug (a Python low-interaction honeyclient) on Ubuntu/Debian 21 May 2012 | 03:52 pm
Thug is a Python low-interaction honeyclient aimed at mimicking the behaviour of a web browser in order to detect and emulate malicious contents. [1] I’m impressed with the artwork of @buffer AKA Ang...