OP 25 March, 2021 - 01:15 PM
3.1 Exploit kitsAn exploit kit is a web application that serves a lot of exploits. The idea behind this is to try and apply all kinds of permutations and combinations of exploits on the victim. A victim could be using any version of Internet Explorer with a version of Flash player installed in it. The exploit kit can have exploits for various versions of Flash and Internet Explorer for various versions of Windows. A code in an exploit kit usually checks for the operating system, browser versions, and browser plugins installed on the victim's machine and accordingly serves the exploit for that particular version. The code that does this is called the landing page. The landing page code works in a hidden way and the victim does not get any notifications regarding it. After the landing page gets the details of the victim, it delivers the suitable exploit that can compromise the victim. Usually, the landing page is highly obfuscated and security analysts find it hard to de-obfuscate:
Source: https://searchsecurity.techtarget.com/fe...-attackers
Source: https://searchsecurity.techtarget.com/fe...-attackers