Exposing the Neutrino EK: All the Naughty Bits

Presented at BSidesLV 2016, Aug. 2, 2016, 3 p.m. (55 minutes)

The Angler Exploit Kit (EK) is now dead. In the wake of Angler's death, Neutrino has taken the lion's share of the EK market. As such, Neutrino has evolved into one of the most critical threats to users of the Information Superhighway. Try as we might, we simply cannot avoid our users from being redirected to EK landing pages. The simple question is: WHY DAMNIT?! This talk focuses on the ins and outs of the new king of the hill: Neutrino. We will discuss the modern EK along with Neutrino's dominance. We will then break down exactly how Neutrino works: We'll start with compromised site redirection methods, rock some landing page de-obfuscation, have fun reversing Flash, and end with exploit + shellcode analysis. If you'd like to know exactly how this little bastard does its dirty work, bring your butt to the talk!

Presenters:

• Ryan Chapman - Computer Incident Response Analyst - Bechtel Corporation
  Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at venues such as BSides, CactusCon, Splunk .Conf, and others. Ryan has a fondness for doing stand-up comedy, retro gaming, and plays plenty of Street Fighter. Hadouken!

Links:

• https://bsideslv2016.sched.com/event/7aPG/exposing-the-neutrino-ek-all-the-naughty-bits

Similar Presentations:

• BSides Austin 2016 / Evolution of the Angler Exploit Kit
• ToorCon San Diego 17 (2015) / Angler Fireworks - Analysis of Angler July 2015