Black Hat //Webcast 26

Gangsterware — Stealth Shield of the Malware
// Yaniv Miron, Daniel Chechik

thursday, february 17, 2011

1000 HRS PST/ 1300 HRS EST • FREE

Black Hat Sponsor Core Security Technologies


Slide Deck


Exploit-kits are all around us. We cannot see them. We cannot touch them. But they are here.

Exploit-kits are a pack of several stable exploits directed to attack different types and versions of browsers in addition to browsers applications, the attacks allows malwares to be installed on the victim machine.

They allow cyber-criminals with no security IT education to steal money from banks in sophisticated ways. If the world of bank account stealing, money laundering, money mule and cyber crimes are in your interest this is the presentation for you.

In the following presentation we will explain about the top exploit-kits that surround us, and we will show a live demo of an exploit-kit analysis.


Yaniv Miron is an information security consultant and researcher currently working at M86 Security Labs. His roles include reverse engineering & exploit writing, binary and malware analysis and fuzzing.

Prior to that Yaniv worked for major consulting firms and for the Israeli Defense Force as a CISO. He is the founder of the biggest Israeli hacking convention - IL.Hack.

He is certified as a CISO from the Israel Institute of Technology and a Certified Locksmith and has spoken at security and hacking conferences as OWASP, Hacker Halted, IL.Hack, CONFidence, SyScan as well as many other hacking and security conferences.

Yaniv is highly skilled with hands on penetration testing and security research and found several security vulnerabilities in major vendors.

Daniel Chechik is a veteran security researcher at M86 Security. Among other things, he specializes in malware analysis, web exploits detection, Trojan and botnet detection and neutralizing and defining security requirements for the M86 Product.

Prior to that, Daniel served in a technological unit as a security specialist in the IDF. During the service, Daniel specialized in CheckPoint Firewall equipment, AntiVirus products and other IT security products.

Daniel, among other things, is responsible for blog posts and other publications for M86 and holds CEH and CCSE certificates.


Core Security Technologies is the leader in commercial-grade penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk, and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users, web applications and wireless networks against complex threats.