Hackers of India

Exploit the Exploit Kits

By  Dhruv Soi  on 04 Dec 2011 @ Clubhack

Abstract

Exploit kits are being used by cyber criminals to carry out targeted attacks against the victims by exploiting the browser vulnerabilities or the vulnerabilities in the accompanied plugins like Adobe PDF, Flash, Java etc. Most of the botnets like Zeus take a ride over the exploit packs to get injected into the victim’s computer. Eleonore, Crime Pack, Black Hole exploit packs have been lately in the news for infecting few sensitive government departments.

Exploits packs can be bought from their authors who are available over the ICQ/Jabber and the money can be transferred as e-currency. These packs are sold as licensed software bound to a particular IP address or domain name and the source code otherwise is obfuscated which is hard to be decompiled.

While researching over the exploit kits, speaker arrived at a unique and unknown mechanism to bypass the restriction of IP address or domain name on an exploit kit without burning the mid-night oil in reversing or decompiling the pack.

This talk is completely oriented towards the exploit kits starting from fundamentals and working of the exploit kits, followed by the economics involved. Speaker will demonstrate the live infections using these packs to make the audience aware about its significant impact. Presentation will also talk about the mechanism using which researchers can bypass the IP or domain based restriction embedded into the exploit kits. After this talk, running a stolen or publically available exploit pack would be a matter of seconds. Boom!!!