Adventures with Cybercrime Toolkits: Insights for Pragmatic Defense

Wednesday, January 29, 2020, 2:00 pm to 2:30 pm

Birhanu Eshete, University of Michigan, Dearborn


When it comes to improving the state of defense in the cybercrime arms race, the all-too-common advice is to be more proactive than reactive. However, close examination of the modus operandi of cybercriminals reveals a great deal of pragmatism and adaptability in response to defensive moves. Among other blind spots, the exploitable opportunities pursued by cybercriminals typically stem from flaws in the design, implementation, configuration, and deployment of systems. In essence, cybercriminals monetize these blind spots to steer the arms race in their favor.

Using a multi-faceted analysis of pre-packaged cybercrime tools called exploit kits, this talk argues and illustrates that defenders should likewise be pragmatic and adaptive enough to turn the weakest links of cybercriminals into concrete opportunities to counter cybercrime. We use the exploit kit phenomenon to highlight how defenders can combine reactive, proactive, and offensive strategies into a pragmatic defense.

On the reactive front, we describe how seemingly simple yet identifying configuration and deployment artifacts are used to detect active exploit kits in the wild. On the offensive side, we illustrate how access to exploit kit source code is leveraged for automated infiltration and legally authorized takedown of live exploit kits. On the proactive front, we highlight how lessons learned from the reactive and offensive strategies are combined into real-time threat detection. The talk leaves the audience with key takeaways on pragmatic defense strategies in the face of an adaptive cybercriminal with motives and means.
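The reactive technique above, detecting live deployments from configuration and deployment artifacts the kit's operators rarely bother to change, can be expressed as weighted signature matching over what a scanner observes for a host. The following is an added example for this page, not code from the talk or its authors: the kit names, paths, header values, page bodies and IP addresses are all constructed for illustration and describe no real exploit kit. Each signature lists artifacts of three kinds (a request path that answers, an HTTP response header, a landing-page body string) with a weight, and a host is flagged when the matched fraction of a signature's total weight reaches that signature's threshold, so that a single weak indicator such as a common PHP version header never triggers on its own.

```python
"""Artifact-based fingerprinting of live exploit-kit deployments.

Added example for this page, not code from the talk. Every kit name,
path, header value, page body and address below is CONSTRUCTED for
illustration and does not describe any real exploit kit.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    """One configuration or deployment artifact and how strongly it identifies a kit."""
    kind: str       # "path", "header" or "body"
    pattern: str    # regex applied to the observation of that kind
    weight: float


@dataclass(frozen=True)
class KitSignature:
    name: str
    artifacts: tuple
    threshold: float   # fraction of total artifact weight needed to flag


# Hypothetical signatures. Each models the kind of blind spot the talk
# describes: an admin panel left at its default path, a default stats
# script, a header quirk from the kit's bundled server stack, and a
# loader string the kit always emits into its landing page.
SIGNATURES = (
    KitSignature("HypoKit-A", (
        Artifact("path", r"^/adm/login\.php$", 0.5),
        Artifact("path", r"^/stats\.php\?id=\d+$", 0.3),
        Artifact("header", r"^x-powered-by: php/5\.[0-4]\.", 0.2),
        Artifact("body", r"HypoKitLoader\(", 0.4),
    ), threshold=0.6),
    KitSignature("HypoKit-B", (
        Artifact("path", r"^/gate\.php\?ver=\d+$", 0.6),
        Artifact("body", r"hkb_gate_token", 0.4),
    ), threshold=0.6),
)


@dataclass
class Observation:
    """What a scanner recorded for one host (constructed in the fixtures below)."""
    host: str
    paths: tuple     # request paths that answered 200
    headers: dict    # response header name -> value
    body: str        # landing-page body


def _matches(art, obs):
    """True if the artifact's pattern is found in the observation of its kind."""
    flags = re.IGNORECASE
    if art.kind == "path":
        return any(re.search(art.pattern, p, flags) for p in obs.paths)
    if art.kind == "header":
        lines = (f"{k}: {v}" for k, v in obs.headers.items())
        return any(re.search(art.pattern, line, flags) for line in lines)
    if art.kind == "body":
        return re.search(art.pattern, obs.body) is not None
    raise ValueError(f"unknown artifact kind {art.kind!r}")


def score(obs, sig):
    """Fraction of the signature's total weight matched by the observation."""
    total = sum(a.weight for a in sig.artifacts)
    hit = sum(a.weight for a in sig.artifacts if _matches(a, obs))
    return round(hit / total, 3)


def fingerprint(obs, signatures=SIGNATURES):
    """Return [(kit_name, score)] for every signature at or above its threshold, best first."""
    hits = [(s.name, sc) for s in signatures if (sc := score(obs, s)) >= s.threshold]
    return sorted(hits, key=lambda h: -h[1])


# Constructed fixtures (addresses from the TEST-NET-3 documentation range).
FULL_HIT = Observation(
    host="203.0.113.10",
    paths=("/", "/adm/login.php", "/stats.php?id=7"),
    headers={"Server": "Apache", "X-Powered-By": "PHP/5.3.29"},
    body="<script>HypoKitLoader('x');</script>",
)
PARTIAL = Observation(          # default panel path and PHP header only
    host="203.0.113.11",
    paths=("/", "/adm/login.php"),
    headers={"X-Powered-By": "PHP/5.3.29"},
    body="<html>coming soon</html>",
)
BENIGN = Observation(
    host="203.0.113.12",
    paths=("/", "/about.html"),
    headers={"Server": "nginx"},
    body="<html>Hello</html>",
)

if __name__ == "__main__":
    for obs in (FULL_HIT, PARTIAL, BENIGN):
        print(obs.host, fingerprint(obs))
```

The partial host scores 0.5 against HypoKit-A and stays below the 0.6 threshold: an old PHP header plus one guessable admin path is not enough to call a host an exploit kit, which is the check a practitioner adds before acting on a hit, since any follow-up such as an authorized takedown is costly to get wrong. In practice the `Observation` would be filled from a crawler or passive DNS/HTTP telemetry rather than constructed inline.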

Birhanu Eshete is an Assistant Professor of Computer Science at the University of Michigan, Dearborn, where he leads the Data-Driven Security and Privacy Lab. Prior to that, he was a Postdoctoral Researcher in the Systems and Internet Security Lab at the University of Illinois at Chicago. His research focuses on cybercrime analysis, cyber threat intelligence, and adversarial machine learning. His work on automated exploit generation received the Distinguished Paper Award at the 2018 USENIX Security Symposium, and the same work was a finalist in the 2018 NYU Applied Research Competition across the United States and Canada. Birhanu holds a Ph.D. in Computer Science from the University of Trento, and M.S. and B.S. degrees in Computer Science from Addis Ababa University.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {244740,
author = {Birhanu Eshete},
title = {Adventures with Cybercrime Toolkits: Insights for Pragmatic Defense},
year = {2020},
address = {San Francisco, CA},
publisher = {USENIX Association},
month = jan
}
