The Angler Exploit Kit (EK) has evolved into one of the most critical threats to users of the Information Superhighway. Try as we might, we simply cannot avoid being redirected to Angler landing pages. The simple question is: WHY DAMNIT?! This talk focuses on the ins and outs of the Angler EK. We will discuss the modern EK along with Angler's prevalence. We will then break down exactly how Angler works: We'll start with compromised site redirection methods, move to landing page de-obfuscation, review recent CVEs utilized, and end with exploit + shellcode analysis. If you'd like to know exactly how this little bastard does its dirty work, bring your butt to the talk!
Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at venues such as BSides, CactusCon, Splunk .Conf, and others. Ryan has a fondness for doing stand-up comedy, retro gaming, and plays plenty of Street Fighter. Hadouken!