Web exploit toolkits have become the most popular method for cybercriminals to compromise hosts and to leverage those hosts for profit in various ways. This talk will give a deep dive into some of the most popular exploit kits available today, including Blackhole and Phoenix, and also take a look at some of the newer players that have appeared from Asia. An overview of how each kit is constructed and an analysis of its observed shellcodes, obfuscations, and exploits will be presented to give a better understanding of the differences and similarities between these kits, the ways that we have developed to harvest data from them, and any trends that may be present.
I am a security researcher at HP DVLabs and lead for the ASI team, which specializes in applied security research and malware analysis and is responsible for our IP Reputation product. I have done research on WebKit instrumentation, web exploit toolkits, honeypots, and reverse engineering malware.