A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Hunting for Exploit Kits - Joe Desimone Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Hunting for Exploit Kits
Joe Desimone
Derbycon 2016

Open any security blog and you are likely to find some information on the latest 0day being exploited in the wild by one or more of the popular exploit kits. Knowing how exploit kits are evolving over time allows researchers to validate a security stack against the latest capabilities, enables red teams to repurpose the latest in-the-wild threats, and assists vulnerability researchers to stay current on the latest exploits. However, getting samples or other specific insight into these changes is hard because direct access to tools is guarded and signatures are constantly changing. How can researchers identify and collect their own samples without any static signatures? This talk will reveal an automated system that relies on behavioral exploit detection rolled into a sandbox that continually crawls popular websites for infection. The system captures a steady stream of exploit kit samples which can support a wide range of research initiatives. We will also discuss samples from popular exploit kits that have been captured with this system such as Neutrino, RIG, and Magnitude.

Joe Desimone is a Malware Researcher at Endgame. He has over 5 years of experience in the information security industry; primarily tracking and countering APTs, reverse engineering malware, and developing novel techniques and tools to empower hunt teams. Joe holds a BS and MS in Computer Security from RIT.

Joe - @dez_

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast