Shostack + Friends Blog Archive

 

The best part of exploit kits

Following up on my post on exploit kit statistics (no data? really folks?), I wanted to share a bit of a head-shaker for a Friday with way too much serious stuff going on.

Sometimes, researchers obscure all the information, such as this screenshot. I have no idea who these folks think they’re protecting by destroying information like this, but what do you expect from someone whose web site requires JavaScript from 4 domains to render a basic web page? (bad HTML here).

Thinking would be welcome.

2 comments on "The best part of exploit kits"

  • “I have no idea who these folks think they’re protecting by destroying information like this”

    What about not telling bad guys that he is inside?
    Make sense?

    • Adam says:

      Nope.

      I’m pretty confident that many of the redactions, such as the %, are fairly consistent across current versions of the exploit kits. (As are you, as you left the bar graphs and order visible for all except two exploits.) I expect that “threads” are also pretty consistent.

      If you have no evidence that the criminals are reading your blog, then odds are good you can post an unredacted shot without losing access, but that’s easy for me to say. Or you can post the real shot now, rather than obscuring all the data forever.

      If you think you’re being stealthy, capture the data and then publish it later after you’re kicked out, but I see no such data dump or commitment to such a dump. Maybe I missed it.
