{"id":17926,"date":"2020-03-17T20:34:49","date_gmt":"2020-03-18T04:34:49","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/03\/17\/news-11659\/"},"modified":"2020-03-17T20:34:49","modified_gmt":"2020-03-18T04:34:49","slug":"news-11659","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/03\/17\/news-11659\/","title":{"rendered":"VB2019 paper: Finding drive-by rookies using an automated active observation platform"},"content":{"rendered":"<p>Exploit kits made a bit of a comeback in 2019, something we have also seen in our <a title=\"VBWeb\" href=\"https:\/\/www.virusbulletin.com\/testing\/vbweb\/\">test lab<\/a>. Detecting these kits isn\u2019t trivial though, given the various anti-analysis measures built into them, from geo-restricting to specific countries or regions, to the detection of client-side sandboxes.<\/p>\n<p>In a last-minute paper presented at VB2019 in London, Rintaro Koike (<em>NTT Security<\/em>) and Yosuke Chubachi (<em>Active Defense Institute, Ltd<\/em>) discussed the platform they have built to automatically detect and analyse such attacks. Indeed, <em>nao_sec<\/em>, which they founded and are involved with, is often the first to discover new exploit kits, most recently the <a href=\"https:\/\/nao-sec.org\/2019\/12\/say-hello-to-bottle-exploit-kit.html\" target=\"_blank\">Bottle<\/a> exploit kit.<\/p>\n<p>Today we publish the recording of their presentation.<\/p>\n<p>\u00a0<\/p>\n<p style=\"text-align: center;\" width=\"100%\" height=\"420\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/hYg2k8KAd4I\" frameborder=\"0\" width=\"100%\" height=\"420\" style=\"\"> <\/iframe><\/p>\n<p>\u00a0<\/p>\n<p><em><em>Have you carried out research that furthers our understanding of the threat landscape? Have you discovered a technique that helps in the analysis of malware? 
<\/em>The <a title=\"VB2020 call for papers - now open!\" href=\"https:\/\/www.virusbulletin.com\/blog\/2019\/12\/vb2020-call-papers-now-open\/\">Call for Papers<\/a> for VB2020 in Dublin is open! Submit your abstract before <strong>15 March<\/strong> for a chance to make it onto the programme of one of the most international threat intelligence conferences.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a last-minute paper presented at VB2019 in London, Rintaro Koike (NTT Security) and Yosuke Chubachi (Active Defense Institute, Ltd) discussed the platform they have built to automatically detect and analyse exploit kits. Today we publish the recording of their presentation.<\/p>\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2020\/03\/vb2019-paper-finding-drive-rookies-using-automated-active-observation-platform\/\">Read more<\/a>
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[23177,10378,23176],"tags":[],"class_list":["post-17926","post","type-post","status-publish","format-standard","hentry","category-magazine","category-security","category-virusbulletin"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17926"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17926\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17926"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17926"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}