Today, we release Maltese – an open source Malware Traffic Emulator that allows you to generate malicious traffic in order to test the effectiveness of malware detector solutions, currently focusing on DNS traffic.
When reports surface that the White House and NATO were hacked using an unknown vulnerability, it peaked our interest. When it was later announced that the Java Naming and Directory Interface (JNDI) was used, we decided to look at other Java APIs to see if we could find similar vulnerabilities. We expected to find a bug or two. What we actually found was two new classes of vulnerabilities: JNDI Injection and LDAP Entry Poisoning.