Skip to content

Latest commit

 

History

History

The Exploit Intelligence Project

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

The Exploit Intelligence Project

In 2011, mass malware is still the most common source of compromise on corporate networks. Bots like Zeus, Gozi, and Clampi successfully infect devices despite organizations carefully managing disclosed vulnerabilities and subscribing to detailed analysis of the latest malware families. Existing efforts at malware prevention focus broadly on vulnerabilities and their impact yet ignore the means by which they are exploited and the motivations, opportunities and capabilities of attackers, which has allowed this problem to become worse year-after-year.

In this talk, I introduce an intelligence-driven approach to malware defense, focusing on attacker's capabilities and methods, with data collected from the most popular crimeware packs currently deployed in-the-wild. This analysis identifies the means by which exploits are developed and selected for inclusion in crimeware packs, identifies defenses that are outside the capability of malware exploit writers to bypass, and helps attendees evaluate not just the exploitability, but the probability of a vulnerability being exploited. This study shows that, until crimeware packs substantially advance in sophistication, only a few simple defensive tactics are required to protect users from such opportunistic threats.

Resources

Presented at

  • BruCon Keynote Address, September 2013, Ghent, Belgium
  • DARPA, October 2013, Arlington, VA
  • CIO Global Forum, October 2013, Philadelphia, PA

Author

  • Dan Guido

Note: The original EIP research was conducted while Dan was employed at iSEC Partners, but the work was revisited while at Trail of Bits. This page only tracks the work done on EIP post-iSEC.