Tuesday, January 19, 2016

Palo Alto's Angler Exploit Kit Evasion Research

I thought this Palo Alto research on Angler Exploit Kit evasion was fascinating. It showed how compromised websites purposely go dormant/quiet many times during the day, and sometimes for many days, to trick security researchers into thinking they were taken down or cleaned up. It showed that compromised websites filter IP addresses, meaning the website may only serve the malicious content to certain countries, regions, targets, etc. It showed that payload URLs can change every 1/2 hour to hour. It also showed how payload JavaScript can change every 1/2 hour to hour.

The attackers will continue to evolve to evade detection and the good guys like us better stay on top of our game if we hope to stop (or even just detect) this madness!
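To make the dormancy and IP-filtering points concrete for defenders, here is an added example (not from the Palo Alto research or the original post) that compares a single-rescan verdict with one that looks at the whole rescan history. The observation log, the `ek.example` URLs, the function names and the 7-day `quiet_for` threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed rescan log for one compromised site (illustrative, not real data):
# (check time, vantage-point region, malicious content served?, payload URL)
OBSERVATIONS = [
    ("2016-01-18 09:00", "US", True,  "http://ek.example/a1"),
    ("2016-01-18 09:40", "US", True,  "http://ek.example/b7"),
    ("2016-01-18 09:45", "DE", False, None),
    ("2016-01-18 13:00", "US", False, None),
    ("2016-01-19 09:00", "US", False, None),
    ("2016-01-19 15:00", "US", True,  "http://ek.example/c3"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def naive_verdict(obs, now):
    """Single-check logic: trust whatever the latest rescan before `now` saw."""
    seen = [o for o in obs if _ts(o[0]) <= now]
    if not seen:
        return "no data"
    return "cleaned" if not seen[-1][2] else "compromised"

def summarize(obs, now):
    """Summarise everything seen up to `now` across all vantage points."""
    seen = [o for o in obs if _ts(o[0]) <= now]
    hits = [_ts(t) for t, _, bad, _ in seen if bad]
    regions = {r for _, r, _, _ in seen}
    hit_regions = {r for _, r, bad, _ in seen if bad}
    gaps = [b - a for a, b in zip(hits, hits[1:])]
    return {
        "last_hit": max(hits) if hits else None,
        "longest_dormancy": max(gaps) if gaps else timedelta(0),
        # Regions that were checked but never served: possible IP filtering.
        "never_served_regions": sorted(regions - hit_regions) if hits else [],
        "payload_urls": [u for _, _, bad, u in seen if bad],
    }

def careful_verdict(obs, now, quiet_for=timedelta(days=7)):
    """Call a site cleaned only after `quiet_for` with no hit from any region.
    quiet_for is an assumed threshold, chosen to outlast multi-day dormancy."""
    last_hit = summarize(obs, now)["last_hit"]
    if last_hit is None:
        return "no evidence of compromise"
    return "cleaned" if now - last_hit >= quiet_for else "still suspect"
```

On this log the single-check verdict at 10:00 on January 19 says the site is cleaned, a few hours before it serves a new payload URL again; the history-based verdict keeps it under watch.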

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.