I thought this Palo Alto research about Angler Exploit Kit evasion was fascinating. It showed how compromised websites purposely go dormant/quiet many times during the day, and sometimes for many days, to trick security researchers into thinking they were taken down or cleaned up. It showed that compromised websites filter IP addresses, meaning a website may serve the malicious content only to certain countries, regions, targets, etc. It showed that payload URLs can change every half hour to an hour. It also showed that the payload JavaScript can change every half hour to an hour.
The attackers will continue to evolve to evade detection, and the good guys like us had better stay on top of our game if we hope to stop (or even just detect) this madness!
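For defenders re-checking a compromised site, here is an added example (not code from this post or from the Palo Alto research) that profiles repeated crawl results for the three behaviours above and refuses to call a site cleaned on the strength of a quiet spell or a filtered vantage point. The observation format, the `margin` and `min_quiet` thresholds, and the `ek.example` URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed crawl observations (not real data):
# (time of check, vantage-point country, payload URL seen, or None if the page looked clean)
OBS = [
    ("2015-06-01T09:00", "US", "http://ek.example/a1"),
    ("2015-06-01T09:00", "DE", None),
    ("2015-06-01T09:30", "US", "http://ek.example/a1"),
    ("2015-06-01T10:00", "US", "http://ek.example/b2"),
    ("2015-06-01T10:30", "US", None),
    ("2015-06-01T11:00", "US", None),
    ("2015-06-01T14:00", "US", "http://ek.example/c3"),
    ("2015-06-01T14:00", "DE", None),
]

def _rows(obs):
    return sorted(((datetime.fromisoformat(t), c, u) for t, c, u in obs),
                  key=lambda r: r[0])

def profile(obs):
    """Summarise dormancy, IP filtering and payload rotation in the observations."""
    rows = _rows(obs)
    hits = [r for r in rows if r[2]]
    served = {c for _, c, _ in hits}            # vantage points that got the payload
    seen = {}
    for t, _, u in hits:                        # first/last sighting of each payload URL
        seen[u] = (seen.get(u, (t, t))[0], t)
    times = sorted({t for t, _, _ in hits})
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "served": served,
        "blind": {c for _, c, _ in rows} - served,   # only ever saw a clean page
        "lifetimes": {u: last - first for u, (first, last) in seen.items()},
        "longest_gap": max(gaps, default=timedelta(0)),  # longest dormancy so far
        "last_hit": times[-1] if times else None,
    }

def looks_cleaned(obs, margin=2, min_quiet=timedelta(days=7)):
    """True only if a previously served vantage point has seen a clean page for
    longer than both min_quiet and margin x the longest dormancy observed."""
    p = profile(obs)
    if p["last_hit"] is None:
        return False  # never served a payload here: these checks prove nothing
    later = [t for t, c, _ in _rows(obs) if c in p["served"] and t > p["last_hit"]]
    if not later:
        return False  # clean results from filtered vantage points do not count
    return max(later) - p["last_hit"] > max(margin * p["longest_gap"], min_quiet)
```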
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.