
Extend Sulo to find the CVE of Flash exploits

In this blog, I would like to discuss more about detecting the vulnerability triggered by a particular exploit using Sulo. I have extended it to detect a few of the recent vulnerabilities. I have added code to detect CVE-2015-0310, CVE-2015-0311 and CVE-2015-0313. This is useful to security researchers who analyze Flash exploits. Yes, you can find those by parsing the output that Sulo produces, but many times the exploit crashes the IE process before we get any interesting logs, or the log file is too big and time-consuming to analyze. I am sure we can extend it to detect a few more vulnerabilities that are used in exploit kits. It will reduce the time needed to analyze (and identify the CVE of) an exploit sample. I have seen cases where a single Flash exploit exploits various vulnerabilities; in this case we will detect only one CVE. So in that case we definitely need manual analysis.

More here: https://hiddencodes.wordpress.com/2015/02/25/extend-sulo-to-find-the-cve-of-flash-exploits/
