There's some fun (malicious) javascript obfuscation at hxxp : / / drominguf.com / pic / ve.png. Looks like it uses a bunch of non printable/non english characters to get around most simple signatures, with a little decoder at the end
end to end exploit in .pcap form here: https://csportal.fireeye.com/M285-117-117-31171-2009-07-17-034553.pvna.pcap Alex _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
