YoVDO

Tired of Playing Exploit Kit Whack-A-Mole? Let's Automate

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Cybersecurity Courses Javascript Courses Malware Analysis Courses Web Security Courses

Course Description

Overview

Explore an innovative approach to detecting and analyzing Exploit Kits (EKs) at scale in this 19-minute conference talk from BSidesSF 2017. Learn about a new technique that utilizes headless browsers equipped with JavaScript and DOM inspectors to crawl the web efficiently. Discover how this method can automate the process of identifying EKs, moving beyond traditional dynamic analysis tools and JavaScript de-obfuscators. Gain insights into the behavior of the latest EKs hiding in plain sight through a proof-of-concept demonstration. Delve into topics such as headless browsers, JavaScript, gate code, decode functions, prototype attributes, plugins, XML DOM, and signatures to enhance your understanding of this automated EK detection approach.

Syllabus

Intro
Headless Browser
JavaScript
Gate
Code
Decode
Function Prototype
Attribute
Plugins
Handles
XML DOM
Signatures
Summary


Taught by

Security BSides San Francisco

Related Courses

Early Detection through Deception
YouTube Hack for Show, Report for Dough - Brian King
YouTube Blue Teamin on a Budget of Zero - Kyle Bubp
YouTube Windows Event Logs - Zero to Hero
YouTube Weaponizing Splunk - Using Blue Team Tools for Evil
YouTube