VB2019 paper: Finding drive-by rookies using an automated active observation platform

Posted on Mar 6, 2020

Exploit kits made a bit of a comeback in 2019, something we have also seen in our test lab. Detecting these kits isn’t trivial though, given the various anti-analysis measures built into them, from geo-restriction to specific countries or regions to the detection of client-side sandboxes.

In a last-minute paper presented at VB2019 in London, Rintaro Koike (NTT Security) and Yosuke Chubachi (Active Defense Institute, Ltd) discussed the platform they have built to automatically detect and analyse such attacks. Indeed, nao_sec, which they founded and are involved with, is often the first to discover new exploit kits, most recently the Bottle exploit kit.



Today we publish the recording of their presentation.

Have you carried out research that furthers our understanding of the threat landscape? Have you discovered a technique that helps in the analysis of malware? The Call for Papers for VB2020 in Dublin is open! Submit your abstract before 15 March for a chance to make it onto the programme of one of the most international threat intelligence conferences.