Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

The State of Web Exploit Toolkits 4: Phoenix and Newer Kits

The presentation ends with the analysis of the Phoenix exploit kit’s features, details on newer kits from all over the world, and a summary of the research. Phoenix Exploit Kit The next kit I’m going to talk about is Phoenix. It’s been around since 2007, it’s pretty old, it’s up to version 3. They...

The State of Web Exploit Toolkits 3: How BlackHole Works

Jason Jones covers herein some of the specific features inherent to BlackHole kit, including JavaScript and PDF obfuscation details, JavaScript shellcode, etc. Now I’ll actually get a little bit more into how it works. Running all these things through our sandbox, we’ve looked a lot at URLs that it...

The State of Web Exploit Toolkits 2: BlackHole Kit Scrutinized

Jason Jones now provides an intro to the notorious BlackHole exploit kit, explaining some of its background as well as showing the interface that criminals use. The first kit I’m really going to delve into is BlackHole. It’s been around for a couple of years. It’s definitely become the most popular...

The State of Web Exploit Toolkits – Turnkey Cybercrime Software

During his Black Hat briefing, Jason Jones, the Team Lead for ASI at HP DVLabs, presents a professional extensive analysis of the present-day web exploit kits. I’m going to be talking about the state of web exploit toolkits, which is a lot of what I’ve been doing on my job. I’m the Lead for Advanced...

From Russia with Love.exe 5: Questions and Answers

This is the final part of the study where The Grugq and Fyodor Yarochkin are explaining more details of the Russian hacking business during the Q&A section. Yarochkin: Alright, do you have any questions? Question: On your point about the ratios: so, this guy was offering the best ratio; do you know any...

From Russia with Love.exe 4: Geeks, Not Gangsters

You can learn here how much it costs to buy a massive DDoS attack service on Russian hacking forums, and what kind of people those sellers are. The Grugq: So, everyone probably knows Twitter went down some time ago. How much do you think that cost per day, on average? It’s 80 bucks! Come on, 80 bucks to...

From Russia with Love.exe 3: Money Laundering and Botnet Services

In this entry the security analysts are focusing on other popular commodities sold on Russian hacking forums, as well as malware distribution services. Yarochkin: One of the most valuable commodities on these forums is actually ICQ numbers. Even now, as of today, ICQ is one of the primary communication means...

From Russia with Love.exe 2: Virtual Currencies and Identity Dumps

The Grugq and Fyodor Yarochkin now move on to outline the prevalent payment methods on Russian hacking forums and touch upon the goods being traded on there. The Grugq: There’s some really cool identity stuff that they do as well. A lot of the money that gets moved around in these illegal economies is...

From Russia with Love.exe – The Russian Underground Hacking Culture

While participating in HITBSecConf Malaysia, security analysts The Grugq and Fyodor Yarochkin present their study of the ins and outs of the Russian hacking community, hacking forums and culture. The Grugq: Hi everyone. This is Fyodor, I’m Grugq by the way. What this talk is on is it’s basically on the...

The Anatomy of Social Engineering 5: The Reality and Defenses

This entry encompasses the summary of how effectively social engineering exploits the quirks, or flaws, of the human brain, and provides some defense advice. So, in reality these are just tricks that statistically increase the odds of compliance (see right-hand image). And they’re obviously not going to...