John Bambenek discusses tracking exploit kits by monitoring their infrastructure and operations. He explains that by disrupting entire exploit kit ecosystems, more can be done than taking down individual malware operators. Bambenek describes how exploit kits work and outlines strategies for gathering intelligence on exploit kits, such as decoding landing pages, using PCREs to find new sites, and leveraging resources like Bing's malicious URL feed to collect potential targets for dynamic analysis. The goal is to develop intelligence that can be used to disrupt the operations of exploit kit operators and affiliates.
39. Questions & Thank You!
John Bambenek / john.bambenek@fidelissecurity.com
If you are interested in Exploit Kit tracking and disruption,
please get in touch.