Exploit kits are well known among security professionals, but this form of malware distribution is often misunderstood. Exploit kits exist in an ecosystem that must be considered when discussing this important subject. In his talk, Brad Duncan explores the terminology necessary for a better understanding of exploit kits. He covers the sequence of events that result in an infected Windows host, starting with a compromised website and ending with the exploit kit delivering its payload.
Brad Duncan specializes in network traffic analysis and exploit kit detection. After more than 21 years of classified intelligence work for the US Air Force, Brad transitioned to cyber security in 2010. He has worked for the US Air Force CERT and Rackspace. Brad is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. He is also a handler for the Internet Storm Center (ISC) and has posted more than 60 diaries at isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net.
Copyright 2020, IronGeek