17 Posts

Zubair Ashraf

X-Force Security Researcher, IBM Security

Zubair Ashraf is a security researcher and team lead for IBM X-Force Advanced Research. He is very passionate about fighting all malicious activities in cyber space (aka cyber-crime/ attacks, or APT etc.). Currently he contributes to this via several means, and to share a few, he is actively and passionately: Educating and training others via his Twitter, blogging or presenting at security events; Analyzing Exploitation Techniques, Malware and Vulnerabilities and advising the IBM Security System's product development teams on prevention and detection strategies. His twitter account (@zashraf1337) has been listed among security researchers that will blow your mind and recommended on Metasploit's blog as among those to be followed if you like vulnerability research and/or exploit development.

Written By Zubair Ashraf

Microsoft Patch Tuesday – September 2013

Yes, it is that time of the month again. MS has released 13 bulletins (4 critical) covering 47 CVE's (1 of them is publicly disclosed). We encourage customers to refer to the notification for additional information.

Understanding the Android "master key" vulnerability

Bluebox Labs last week announced a vulnerability in Android's code for cryptographic signature verification and app installation. They are planning to publicly disclose the details in their upcoming BlackHat US talk. Google has patched this...

Microsoft Patch Tuesday – July 2013

We have a quite a few critical issues patched in Microsoft's July patch. MS rates all but one bulletin as critical, and we would highly encourage everyone to apply them ASAP.

Zeus Analysis – Memory Forensics via Volatility

I am planning to do a blog series on Malware Analysis using the Zeus sample that I recently received in an email. The idea is not only to share what it does, but to focus mostly on sufficient details.

Microsoft Patch Tuesday – May 2013

It is that time of the month again when we get busy with MS updates (usually accompanied by Adobe updates). For this month's patch Tuesday blog I would like to bring the attention of our readers to the following points...

Why invest in setting up boundaries and restrictions: Learning from the Cold Fusion hack

Installing a complex piece of software is in many ways letting a large family rent your basement. When they move in each member would have his/her own routine of going out and coming in, their individual friends and guests with various level of...

Microsoft Patch Tuesday – March 2013

After having quite a busy patch Tuesday last month, and seeing a lot of browser updates in the last week this month's MS Patch Tuesday is pretty usual. We have a few critical Remote Code Execution vulnerabilities being patched...

Co-Written By Zubair Ashraf