Counter-Infiltration - Future-Proof Counter Attacks Against Exploit Kit Infrastructure

Explore a comprehensive analysis of modern exploit kit infrastructure and counter-attack strategies in this 59-minute Black Hat conference talk. Delve into the sophisticated networks employed by exploit kit-as-a-service operators, including proxies, gates, VDS, rotators, uploaders, panel servers, and APIs. Learn about counter-infiltration techniques, such as decoying proxies and revealing hidden IPs, as presented by Yin Minn Pa Pa, Hiroshi Kumagai, Masaki Kamizono, and Takahiro Kasama. Examine case studies of popular exploit kits like RIG 4.0, BEPS, Hunter, and Neptune, comparing their attack infrastructures. Gain insights into future possibilities, leaked exploit kits, and code reuse in the evolving landscape of cybersecurity threats and defenses.

Intro
Motivation
Method
Outline
Panel Server (Admin)
Panel Server (User)
API for Proxy
Inside the Leaked DB
API Link
Decoying Proxies
Reveal the Hidden IP
blackhat Peaking Attackers
black hat RIG 4.0 - Attack Summary
The Rich?
black hat BEPS - Attack Infrastructure
black hat Hunter - Attack Infrastructure
black hat Neptune - Attack Infrastructure
Future Possibilities
Leaked Exploit Kits
black hat Old Days vs New Days
Code Reuse
Conclusion