Exploit Kits – Exploitation via JS
Rashid Feroz & Krishnendu Paul
• Information security enthusiasts.
• Love to break into things!
• A college grad and an Industry veteran.
What Are Exploit Kits?
• A toolkit that automates the exploitation of client-side
• Usually targets browsers and programs that a website
can invoke through the browser.
• The attacker doesn’t need to know how to create exploits
to benefit from infecting systems.
• It provides a user-friendly web interface that helps the
attacker track the infection campaign.
Most commonly used vulnerable 3rd party software
• Oracle Java Runtime environment
• Adobe Acrobat Reader
• Adobe Flash Player / Plugin
• Apple Quicktime
From sale to infection
• The buyer would license a copy of a kit from the creator.
• The victim opens a spam email link or loads an infected web page.
victim’s computer and notifies the kit user of what files the victim’s
• If the kit found a usable exploit, the malicious payload would be
loaded onto the victim's computer.
How to stay safe?
• Stay up to date with security patches on your desktop machine.
• There are several specialized tools which identify vulnerabilities in
systems, install patches, and validate those patches. Use a 3rd
party utility or software to constantly update your system.
• Make sure that your browser, operating system, and browser’s
plugins are all up to date.
• Install a good host-based intrusion prevention system (HIPS) to
monitor for suspicious activity on your computer.