Thursday, September 16, 2010

Combining the Quicktime "Marshaled_pUnk" exploit with JSidle

The Quicktime "Marshaled_pUnk" exploit works well with a Javascript packer to circumvent AV detection as it solely relies on Javascript code. Quite often a web based exploit needs a special setting (HTML objects, data files etc.) beside the Javascript code and therefore makes it easier to create an AV signature.

The current metasploit module for the exploit (see here) has a detection rate of 14/43 on VirusTotal.
After changing a few lines to use the JSidle packer (patches on github) the detection drops to zero, no further customization needed.

As the packer is available for over 2 months now, it seems to work quite well.

6 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. This was huge information for all those who need this. That was a really good blog and of course knowledgeable. Thank you for sharing this much information with us. Case Packers

    ReplyDelete
  3. I always like your article because you have provide every time informative post..new whatsapp plus download free pc

    ReplyDelete
  4. I'd like to express my gratitude for writing such an informative piece on this blog about Robotic Case Packaging Systems This article provided me with a variety of data. Continue to post.

    ReplyDelete
  5. Your blogs are great.Are you also searching for Cheap Nursing Writing company? we are the best solution for you. We are best known for delivering cheap nursing writing services to students without having to break the bank.whatsapp us:+1-(951)-468-9855

    ReplyDelete
  6. Great Platform. Are you also searching for nursing essay writing help? we are the best solution for you. We are best known for offering the best nursing essay writing services

    ReplyDelete