The “Exploit Kit Shenanigans: They’re Cheeky!” workshop will consist of attendees pulling apart a few exploit kits to understand how they work at a low level. This will be an intermediate-level workshop, developed for people familiar with running Linux commands (we’ll be using REMnux) and those who can learn new tools quickly (we’ll be using a bevy of tools, including the likes of Immunity Debugger). I LOVE analyzing exploit kits, and I cannot wait to show others how to review an exploit kit’s real intent. We will begin by grabbing some samples off VirusTotal (pre-selected of course), work to deobfuscate the threats, cover how the actual exploits work, and then analyze the relevant shellcode in a debugger.
Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at BSidesSF, CactusCon, Splunk Live!, and at the University of Advancing Technology's Tech Forum. Ryan has an MS in Information Assurance and a BS in Computer Networking. He also holds the GREM, GCIH, LPIC1, Linux+, Security+, and other certifications. Ryan has a fondness for retro gaming and plays plenty of Street Fighter.