Angler Lurking in the Domain Shadows

BSidesLV 2015

Presented by: Nick Biasini
Date: Tuesday August 04, 2015
Time: 18:00 - 18:55
Location: Florentine G
Track: Common Ground

A new technique has been discovered in use by the Angler Exploit Kit in the wild. This technique, domain shadowing, involves using hacked registrant accounts to create subdomains. It is the next evolution in evasion techniques for hackers and takes advantage of the fact that most people don't log in to their accounts except to renew or make a change. This allows attackers to evade traditional blacklisting technologies easily, increasing the attack window. The talk will discuss the scope and details of this new technique and cover both the potential detection challenges and solutions.

Nick Biasini

Nick Biasini’s interest in computers and technology started at a young age when he tore apart his parents’ brand-new 486SX PC. Ever since, he has been tinkering with computers in one way or another. Nick started down the path of information systems in college and has spent his professional career working in information security. Nick has spent time in most roles in a SOC, including analyst, engineer, and managing teams. Nick has a master’s degree in digital forensics from the University of Central Florida and has worked for government and private sector environments in his career. In his time with Talos, Nick has researched a wide range of topics including Exploit Kits and various malware campaigns being distributed through spam.
