Neosploit development update

For the past month or so we have been observing more activity in Neosploit's development. Exploits are being removed then added and new ones introduced. To be fair in relation to the previous post we can now confirm that Adobe exploit IS being used by this toolkit.

Another interesting change is less obvious and not so important to Incident Responders but more so for Intrusion Detection folks. The main Javascript deobfuscation function has seen some changes recently. So, those of you who depend on IDS to detect the script should probably review their traffic, honeypots, hids, etc... for new changes.

No comments: