Lifecycle and Detection of an Exploit Kit
SkyDogCon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)
Alex Kirk
As the process of owning systems and dragging them into botnets becomes ever
more commercialized, exploit kits have emerged as a favorite of attackers; their
point-click-own nature means even non-technical people with a little cash can
control your PC today. This talk will examine how some popular exploit kits
work, from lure through payload, and discuss detection and prevention
methodologies, with a focus on IDS/IPS. Live examples from the wild will be used
throughout.
Alex Kirk is a senior researcher with the Sourcefire Vulnerability Research Team
(VRT), and the head of that group's Awareness, Education, Guidance, and
Intelligence Sharing (AEGIS) program, which is designed to increase direct
collaboration between Sourcefire customers, the Snort user community, and the
VRT in the interests of improved detection and coverage. In his 8 years with the
VRT, Alex has become one of the world's leading experts on Snort rules, and has
honed skills in reverse engineering, network traffic analysis, and systems
security. He recently contributed a pair of Snort-related chapters to "Practical
Intrusion Analysis: Prevention and Detection for the Twenty-First Century," and
is a regular contributor to the widely read VRT blog (http://vrt-sourcefire.blogspot.com/).
His current major technical project at Sourcefire involves automated collection
of network data generated by malicious binaries, including Android packages, and
analysis of that data for detection purposes.