Exploit kits are an ever-present threat on the Internet, indiscriminately compromising users who are simply surfing websites. As ransomware has exploded, so has the proliferation of these exploit kits. This combination of ransomware, Tor, and Bitcoin has created a financially lucrative monster.
One of the challenges with investigating exploit kits is how quickly they move and pivot to other systems. For the last year Talos has been systematically diving into each exploit kit, trying to find nuggets of gold in a sea of compromise. Thus far the results have been promising, with some extremely successful outcomes related to the Angler and Rig exploit kits specifically.
This talk will outline the process that was followed, what we found, and how we leveraged it to inflict damage on the users of these exploit kits. However, we are far from done. This talk will also reveal additional details around several other exploit kits and round out our year taking on exploit kits to inflict damage on the users. We will spend some time discussing how we’ve seen exploit kits change as a result of our published research and will conclude with some previously undisclosed details surrounding some of the exploit kits' activities.