EXPMON (@expmon_)'s Twitter Profile
EXPMON

@expmon_

Advanced sandbox-based system specifically designed and built for detecting file-based zero-day and hard-to-detect exploits. By @HaifeiLi.

ID: 1431684298705408001

Link: https://pub.expmon.com | Joined: 28-08-2021 18:28:44

53 Tweets

1.1K Followers

67 Following

EXPMON (@expmon_):

Well, this EXPMON submission is kinda interesting..

On Saturday, someone submitted a PDF sample that triggered a crash in Foxit Reader. EXPMON reported it as "potential zero-day attack".

pub.expmon.com/analysis/14835…

My manual analysis showed that this PDF indeed crashed the
EXPMON (@expmon_):

Recently, two submitted PDF exploit samples were successfully detected by EXPMON's "detection-in-depth" feature!

pub.expmon.com/analysis/13792…
pub.expmon.com/analysis/14858…

They're Adobe Reader exploits for CVE-2023-21608, based on the release at github.com/hacksysteam/CV….

#expmon
EXPMON (@expmon_):

Hey, if you're attending GovWare in Singapore 🇸🇬, be sure to check out booth L23 where EXPMON will be showcased! linkedin.com/posts/dennis-t…

EXPMON (@expmon_):

EXPMON System has been updated to v20241012! This is just for some small adjustments in the Detection Logic, for Microsoft Word and PDF exploit detection. pub.expmon.com

EXPMON (@expmon_):

EXPMON System has been updated to v20241103! This update brought enhanced detections against potential malicious PDF samples (including zero-day attacks) leaking local information. pub.expmon.com

Haifei Li (@haifeili):

Regarding my EXPMON project, well, I haven't touched it for months as I've been busy with personal stuff & the Office fuzzing project, I *might* need to take a look soon.. In fact, in Q4 EXPMON actually detected a "small risk" PDF sample which allows leaking local NTLM info to remote servers

EXPMON (@expmon_):

In December, there was a sample uploaded to EXPMON Public (pub.expmon.com/analysis/18899…). I just took some night time analyzing it manually and found that it's likely to be a WPS Office (previous) zero-day sample discussed at welivesecurity.com/en/eset-resear…. Please note that the public

EXPMON (@expmon_):

I've released the details of this x.com/HaifeiLi/statu…. Enjoy!

Blog post: EXPMON detected "zero-day behavior" in PDF samples that leak local (net)NTLM information justhaifei1.blogspot.com/2025/01/expmon…

#expmon #zeroday #0day #pdf #threatintel #threatdetection

Haifei Li (@haifeili):

This.. If you're worrying about email-based exploits targeting Outlook (including 0-click zero-days!), you probably want to try EXPMON, where I've put all my knowledge about Outlook exploitation. :) #justsaying x.com/scriptjunkie1/…

EXPMON (@expmon_):

After the discovery of the PDF NTLM leaking "zero-day behavior", EXPMON Public has just identified a new one, which I just did a quick analysis on and found that it's indeed new and different from the previous one.

Check out the following submissions:
pub.expmon.com/analysis/19859…
EXPMON (@expmon_):

I just noticed the PoC for this fresh critical Outlook/RTF bug (x.com/HaifeiLi/statu…) was shared at github.com/ynwarcs/CVE-20…, so I uploaded it to EXPMON and EXPMON successfully detected it as potential zero-day!

Check it out: pub.expmon.com/analysis/20362…
EXPMON (@expmon_):

Thanks. The other platforms have their focuses. Note that EXPMON is a great addition to existing security solutions, especially for those who have concerns about truly advanced zero-day attacks, as it uniquely "looks at things" from an exploit/vulnerability perspective (not a

Haifei Li (@haifeili):

More: well, I don't know the details, but at this moment I can give my quick advice from a defense perspective for folks who worry about potential Office (zero-day) exploits, based on my experience with Office security.

1. Make sure Office Protected View is "always on" - this is very
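The Protected View advice above can be checked on an endpoint rather than taken on trust. The script below is an added example, not code from Haifei Li or the EXPMON project: it audits, for the current user, whether any of the three Protected View triggers (files from the Internet, Outlook attachments, unsafe locations) has been switched off for Word, Excel or PowerPoint. It assumes an Office 2016/2019/365 install (the `16.0` registry hive) and relies on the documented Office registry values, including the real misspelling `DisableAttachementsInPV`; a policy value under `HKCU\Software\Policies` takes precedence over the per-user value, so both hives are read.

```powershell
# Added example (not from the tweet): audit Office Protected View for the current user.
# Assumption: Office 2016/2019/365 (registry hive 16.0). Each Protected View trigger is a
# REG_DWORD under ...\<App>\Security\ProtectedView; 1 means that trigger is DISABLED,
# 0 or absent means Protected View is on for it. Policy hive overrides the user hive.

$apps   = 'Word', 'Excel', 'PowerPoint'
$values = 'DisableInternetFilesInPV',   # files originating from the Internet (MOTW)
          'DisableAttachementsInPV',    # Outlook attachments (misspelling is Office's own)
          'DisableUnsafeLocationsInPV'  # files in unsafe locations (e.g. Temporary Internet Files)

function Get-PVSetting {
    param([string]$App, [string]$Name)
    $policyPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\$App\Security\ProtectedView"
    $userPath   = "HKCU:\Software\Microsoft\Office\16.0\$App\Security\ProtectedView"

    # Policy wins over user preference, so look there first.
    foreach ($path in @($policyPath, $userPath)) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $source = if ($path -eq $policyPath) { 'Policy' } else { 'User' }
            return [pscustomobject]@{ Source = $source; Value = [int]$item.$Name }
        }
    }
    # No value anywhere: Office default applies, which is Protected View ON.
    return [pscustomobject]@{ Source = 'Default'; Value = 0 }
}

$results = foreach ($app in $apps) {
    foreach ($name in $values) {
        $s = Get-PVSetting -App $app -Name $name
        [pscustomobject]@{
            App      = $app
            Trigger  = $name
            Source   = $s.Source
            Disabled = ($s.Value -eq 1)
        }
    }
}

$results | Format-Table -AutoSize

$weak = @($results | Where-Object { $_.Disabled })
if ($weak.Count -gt 0) {
    Write-Warning ("Protected View is disabled for {0} trigger(s); " -f $weak.Count +
                   "re-enable via Trust Center or, preferably, enforce it with Group Policy " +
                   "(Policies hive) so users cannot turn it back off.")
} else {
    Write-Host "Protected View is on for all checked triggers in Word, Excel and PowerPoint."
}
```

Run it in the context of the user whose Office is being audited (the settings live under HKCU). A `Source` of `User` with `Disabled = True` is the case the tweet warns about: a user-side opt-out that no policy overrides. Enforcing the values to 0 under the Policies hive via GPO is what makes "always on" stick.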

Haifei Li (@haifeili):

There's another Office "intentional crash" detected by EXPMON (background for the 1st one: linkedin.com/posts/haifeili…), it's a bit different (as I just quickly analyzed) but I'd like to leave it to anyone who is interested in investigating. :) pub.expmon.com/analysis/25422…

EXPMON (@expmon_):

Another day, another "intentional crash" Office sample.

Online detection: pub.expmon.com/analysis/26539…
Background: x.com/HaifeiLi/statu…

Haifei Li (@haifeili):

For the background, EXPMON is on the mission to analyze tons of public & some very outdated Office/PDF samples, from a deep vulnerability/exploit perspective. Who knows what I will find?:) If you also have a lot of emails/Office/PDF samples to analyze & can be publicly shared,

EXPMON (@expmon_):

Finally I'm doing maintenance on the EXPMON Public server, disabling website access now; will update when it's back.

Haifei Li (@haifeili):

It's back! pub.expmon.com More than 150,000 samples were analyzed during this routine, and I will do a deeper BDA (Big Data Analytics) later. For those unfamiliar with the EXPMON approach (check it out here: pub.expmon.com/static/pdf/exp…), the BDA process is crucial for