Life cycle and detection of an exploit kit

As the process of owning systems and dragging them into botnets becomes ever more commercialized, exploit kits have emerged as a favorite of attackers. Their point-click-own nature means even non-technical people with a little cash can control your PC today.

This talk examines how some popular exploit kits work, from lure through payload; and discuss detection and prevention methodologies, with a focus on IDS/IPS.

Alex Kirk is a senior researcher with the Sourcefire Vulnerability Research Team (VRT), and the head of that group’s Awareness, Education, Guidance, and Intelligence Sharing (AEGIS) program, which is designed to increase direct collaboration between Sourcefire customers, the Snort user community, and the VRT in the interests of improved detection and coverage.