OSINT EXPLOITS AND VULNERABILITIES

Exploits and vulnerabilities: what they are and how to fight them

The availability of the global Internet from mobile devices, including smartphones, thanks to Wi-Fi, has dramatically increased the popularity of one subtype of malicious software: exploits. Their main difference from viruses is that they specialize more narrowly in the objects they attack.

What's at gunpoint

The exploit, in its classical interpretation, does not independently perform actions that damage the user of an electronic computing device. In fact, it is a locomotive that, having found a tunnel with rails laid along it, drags a whole set of malware into a computer, tablet or phone.

The following types of software are among the most frequent targets of exploit attacks:

Naturally, the success of an exploit depends on the presence of a specific vulnerability in a specific version of a software product. This fact slightly limits the scope of this type of malware.

Packaging malicious code

However, single exploits are rarely used on their own; they are usually deployed in bundles, also called packs. An exploit pack scans the attacked system for a number of vulnerabilities. The appropriate scripts then come into play, downloading malicious programs from the attacker's website to steal confidential information and authorization data, or to use the device as part of a botnet or for other unauthorized actions.

As an example of an exploit pack, we present one of the most powerful sets of malware, the Angler exploit kit. Its scope covers the following recent vulnerabilities:

Along with them, the malicious script package exploits a dozen more vulnerabilities in software products that allow arbitrary code execution.

Malware concealment tools

Modern exploit packs, and Angler is no exception, precede their activity with a series of checks on the system they may infect:

Additionally, every professional exploit contains means of disguising itself, called obfuscation. Its purpose is to make the malware as difficult as possible to identify from its code, so the script is filled with meaningless functions, variables, and so on. Cryptographic means are also used for this purpose.
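The two traits described above, filler declarations that are never used and encrypted or encoded string content, can be measured by a defender triaging a suspicious script. The following is an added example, not code from this resource or from any exploit kit; the function names, thresholds and both JavaScript samples are constructed for illustration.

```python
import math
import re
from collections import Counter

# Names introduced by var/let/const/function, and quoted string literals.
DECL = re.compile(r"\b(?:var|let|const|function)\s+([A-Za-z_$][\w$]*)")
STRING = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""")

def entropy(text):
    """Shannon entropy in bits per character (0.0 for a single repeated char)."""
    counts, n = Counter(text), len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def obfuscation_indicators(script, min_len=40, entropy_bits=4.5, dead_ratio=0.5):
    """Heuristic triage only: regex-based, ignores comments and regex literals."""
    strings = [m.group(2) for m in STRING.finditer(script)]
    code = STRING.sub('""', script)  # names inside string literals must not count as uses
    declared = DECL.findall(code)
    uses = Counter(re.findall(r"[A-Za-z_$][\w$]*", code))
    # A name that appears exactly once is declared but never referenced: filler.
    dead = [name for name in declared if uses[name] == 1]
    # Long literals with near-random character distribution suggest encoded data.
    blobs = [s for s in strings if len(s) >= min_len and entropy(s) >= entropy_bits]
    ratio = len(dead) / len(declared) if declared else 0.0
    return {"declared": len(declared), "dead": dead, "dead_ratio": ratio,
            "high_entropy_strings": len(blobs),
            "suspicious": ratio >= dead_ratio or bool(blobs)}

# Constructed sample: ordinary page script, every declaration is used.
CLEAN_SAMPLE = '''
function total(items) {
  var sum = 0;
  for (var i = 0; i < items.length; i++) { sum += items[i].price; }
  return sum;
}
var label = "Total: " + total(cart);
document.title = label;
'''

# Constructed sample: filler declarations plus one opaque string (inert text).
PADDED_SAMPLE = '''
function a1(){ return 7; }
function b2(){ return "x"; }
var c3 = 12;
var d4 = [1, 2, 3];
var payload = "q7Zf2LxP9aVn4KdR0sYh8WbT3mGc6JeU1oXi5NwQtSgElArC";
run(decode(payload));
'''

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("padded", PADDED_SAMPLE)):
        print(name, obfuscation_indicators(sample))
```

Scores like these are a triage signal, not a verdict: minified legitimate scripts also trip them, so they belong alongside the behavioral analysis mentioned below.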

Timely patching and the use of antivirus software with advanced behavioral analysis tools remain the best way to protect against exploit attacks. Naturally, you should also avoid visiting potentially dangerous sites and opening email attachments from unknown senders.

Note

This resource is focused on collecting information using free programs, websites, mobile applications, etc. The main goal is to help people find resources that make it possible to get information for free.

Initially, the materials were collected focusing on information security. However, many resources from other directions were added later. Please email us if you think we have forgotten something.

The OSINT Framework project is taken as a basis.
