Overview
Explore the life cycle and detection methods of exploit kits in this conference talk from SkyDogCon 2. Delve into the Sourcefire VRT overview and learn about the significance of exploit kits in cybersecurity. Understand the mechanics behind exploit kits, including email samples, smart fishing techniques, and the chain of redirections. Examine standardized behaviors, payload dropping, and the infinite variability of these threats. Discover sneaky tricks employed by attackers and various signature-based detection methods for Java exploits, PDFs, and disguised executables. Gain insights into generic detection techniques, domain generation algorithms, and the challenges of false positives. Conclude with a discussion on fishing techniques, Sourcefire's approach, and engage in a Q&A session covering Microsoft-related topics.
Syllabus
Intro
Sourcefire VRT Overview
Sourcefire Pig
What is an exploit kit
Why do exploit kits matter
How do exploit kits work
Email sample
How to build
Smart fishers
What happens when you click on a link
Loading please wait
Chain of redirections
Standardized behavior
Dropping payload
How does it work
Infinite variability
Sneaky tricks
Signatures
Drop Exploits
Java Exploits
PDFs
Generic Detection
Disguising executables
FireAmp
KZ
Domain Generation
False Positives
Fishing
Sourcefire
Feedback
Microsoft
Questions