Pack
Angling for Silverlight Exploits
This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering. Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners a…
Year-Long Exploit Pack Traffic Campaign Surges After Leveraging CDN
This post is coauthored by Andrew Tsonchev. Anyone can purchase an exploit pack (EP) license or rent time on an existing EP server. The challenge for threat actors is to redirect unsuspecting web browsing victims by force to the exploit landing page with sustained frequency. Naturally, like most cri…
Fiesta Exploit Pack is No Party for Drive-By Victims
This post was also authored by Andrew Tsonchev and Steven Poulson. Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution. Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose…
2