
There are several commercial exploit kits available containing 0day vulnerabilities:

What are the techniques to defend against such kits short of purchasing each to learn what they contain?

Merged the following question with the one above:

What are techniques to defend against popular crimeware kits/packs? For example, the crimeware packs described on http://mipistus.blogspot.com/:

  • CrimePack Exploit Kit
  • Eleonore Exploit Pack
  • Phoenix Exploit Kit
  • Black Hole Exploit Kit
  • SpyEye
  • Siberia Exploit Kit
  • JustExploit Exploit Pack
  • YES Exploit Pack
    ... plus more

Another description of CrimePack by Brian Krebs.

Dmitry Grigoryev
Tate Hansen

3 Answers


This is such a massive question that I think the only answer is going to be to practice a defence in depth approach to security. Start at the first point of contact and build up protection down to the very core.

In order to see what those types of kits are doing, make sure you are logging and monitoring everything; this should give you some idea of what is happening.

Toby
  • I think in order to practise defence in depth the org would have to download and test each crime pack to identify the specific vulnerabilities that their network exposes. Auditing is part of the solution, but you need to know where to look in the logs. – Anonymous Type Nov 16 '10 at 22:59
  • The good thing is that most of these exploit packs list the techniques they use, so you shouldn't necessarily have to run them yourself. – Rory Alsop Dec 27 '10 at 18:11

I defend myself by not running any of the apps targeted by any of those exploits.

I suggest elinks(1) on grsecurity Linux.

If you mean, "How do you defend a large organization filled with many users and systems running some, if not all, of the apps targeted by a massive list of exploit packs and crimepacks?", then the correct answer is to implement an information security management program that specifically includes a specialized risk management program focused on identifying exploit-packs/crimepacks and designing (and continually implementing and improving) a list of controls that specifically safeguard against them.

atdre

As mentioned by @Toby, the best way to defend against 0day attacks is by defense-in-depth and audit trailing.

Henri