Exploring the Blackhole Exploit Kit by Sophos

**c0dist** · 09-29-2014, 05:22 PM

Hi,

I recently came across a pretty explanatory analysis of Blackhole Exploit Kit by Sophos. Sure, the paper is quite old, dating back to March 2012 but nevertheless it serves as a nice start to understand how exploit kits work in general. The paper analyses Blackhole EK version 1.2.2.

Here's link to the paper - http://nakedsecurity.sophos.com/expl...e-exploit-kit/

And here's the table of contents:

Introduction
Blackhole exploit kit
Code obfuscation
Tracking Blackhole
Discussion and conclusions
Appendices

It can be directly downloaded as PDF from -> http://sophosnews.files.wordpress.co...er_mar2012.pdf

Hope this helps.

Regards,
c0dist.

**41.w4r10r** · 09-30-2014, 12:54 PM

It would be cool if you can come up with some signature to detect Blackhole exploit kit detection might be through URL pattern.

**c0dist** · 09-30-2014, 01:13 PM

Hi 41.w4r10r,

To develop some signature, I would need to observe/analyze a attack that's happening in the wild or either if I can get my hands on source

So, as soon as I learn more about Blackhole EK, I'll surely put it on forum.

In the meantime, I found a Yara signature for BlackHole EK V2 from a quick Google search.

http://blog.lab69.com/2012/09/an-eve...ploit-kit.html

Regards,
c0dist.

The forum is frozen forever - but it won't die; it'll stay for long in search engine results and we hope it would keep helping newbies in some way or other - cheers!

Thread: Exploring the Blackhole Exploit Kit by Sophos

Thread Tools

Search Thread

Display