Nytro

Analytical Summary Of The Blackhole Exploit Kit


Description: ANALYTICAL SUMMARY OF THE BLACKHOLE EXPLOIT KIT

Almost Everything You Ever Wanted To Know About The BlackHole Exploit Kit

There are hundreds, if not thousands, of news articles and blog posts about the BlackHole Exploit Kit. Usually, each story covers only a very narrow part of the subject matter. This talk will summarize the history of the BlackHole Exploit Kit into one easy-to-follow story. There will be diagrams and flow-charts for explaining code, rather than a giant blob of illegible JavaScript, PHP, or x86 Assembly.

A. What a browser exploit kit is, and what it isn't

It only does exploits

Directing victims to the exploits is out of scope

Usually done with spam or iframe injections

The actual malware installed is out of scope too

Where the exploit kit is hosted is also quite variable

B. Timeline

Version 1.0.0 - September 2010

  i. It's not that different from other exploit kits

Version 1.0.1

Version 1.0.2 - November 2010

  i. Changelog

  ii. Leaked in May 2011

Version 1.1.0 - December 2010

  i. Changelog

Version 1.2.0 - August 2011

  i. Changelog

Version 1.2.1 - December 2011

Version 1.2.2

  i. Cryptome "Virus"

Version 1.2.3 - March 2012

Version 1.2.4 - June 2012

  i. CVE-2012-1723

  ii. CVE-2011-2110

Version 1.2.5 - July 2012

  i. CVE-2012-1889

  ii. A single IFRAME injection campaign uses a temporal 'Domain Generation Algorithm'

August 2012

  i. CVE-2012-4681

Version 2.0.0 - September 2012

  i. Changelog

  ii. The official announcement isn't entirely true.

C. The "Free Version"

Pulled from a system with C99 Shell

IonCube "copy protection"

How to break IonCube obfuscation

Analysis of PHP Source Code

D. Open Source Code in use

PluginDetect

MaxMind GeoIP

etc.

E. The Exploits

CVE-2010-0188

etc. etc. etc. as time allows

X. There is almost no change in the exploits themselves from one version of the exploit kit to the next.

Y. Curious clues about the possible authorship of some exploits

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source:

Source: Analytical Summary Of The Blackhole Exploit Kit
