Vectra Threat Labs

Recent Posts

Turning a Webcam Into a Backdoor

Posted by Vectra Threat Labs on Jan 12, 2016 5:00:00 AM

Why do this?

Reports of successful hacks against Internet of Things (IoT) devices have been on the rise. Most of these efforts have involved demonstrating how to gain access to such a device or to break through its security barrier. Most of these attacks are considered relatively inconsequential because the devices themselves contain no real data of value (such as credit card numbers or PII). The devices in question generally don't provide much value to a botnet owner, as they tend to have access to lots of bandwidth but have very little in terms of CPU and RAM.


Topics: IoT, Internet of Things, APT, Monitoring

Vectra Threat Labs discovers vulnerabilities in Adobe Reader and Internet Explorer

Posted by Vectra Threat Labs on Oct 14, 2015 9:17:00 AM


Today, Vectra researchers were again credited with discovering critical vulnerabilities that impact the security of Adobe Reader, VBScript, and Internet Explorer.


Topics: Vulnerabilities

Belkin F9K1111 V1.04.10 Firmware Analysis

Posted by Vectra Threat Labs on Aug 18, 2015 5:02:00 PM


Recently, it came to our attention that HP DVLabs has uncovered at least ten vulnerabilities in the Belkin N300 Dual-Band Wi-Fi Range Extender (F9K1111). In response to this, Belkin released firmware version 1.04.10. As this is the first update issued for the F9K1111 and there were not any public triggers for the vulnerabilities, we thought it would be interesting to take a deeper look.

Unpacking the Update

To begin our analysis, we downloaded the firmware update from the vendor [1]. We used a firmware tool called binwalk [2] to unpack the update:


Microsoft Internet Explorer 11 Zero-day

Posted by Vectra Threat Labs on Jul 14, 2015 10:35:00 AM


On July 6th, information spread that the Italian company known as Hacking Team was itself the victim of a cyber attack. In the aftermath of this leak, Vectra researchers have analyzed the leaked data and identified a previously unknown vulnerability in Internet Explorer 11 that impacts a fully patched IE 11 on both Windows 7 and Windows 8.1.

The hunt for the vulnerability began when we noticed an email from an external researcher who attempted to sell a proof-of-concept exploit to Hacking Team. The email was sent on 02/06/2015 and described an exploitable use-after-free bug in Internet Explorer 11. While Hacking Team ultimately declined to buy the PoC exploit, the email gave enough information for Vectra researchers to find and analyze the vulnerability.

While Hacking Team declined to purchase the PoC exploit, there is a chance the researcher went elsewhere to sell it, meaning that it may have been exploited in the wild.


Topics: Vulnerabilities

Technical analysis of Hola

Posted by Vectra Threat Labs on Jun 1, 2015 7:19:00 AM

Updated June 3, 2015 11:00 AM (see details)

Recently a popular privacy and unblocker application known as Hola has been gaining attention from the security community for a variety of vulnerabilities and highly questionable practices that allow the service to essentially behave as a botnet-for-hire through its sister service called Luminati. Vectra researchers have been looking into this application after observing it in customer networks over the past several weeks, and the results are both intriguing and troubling. In addition to its various botnet-enabling functions that are now part of the public record, the Hola application contains a variety of features that make it an ideal platform for executing targeted cyber attacks.


Topics: Targeted Attacks, Automated Breach Detection, P2P
