Microsoft EDGE Exploit - An In-Depth Cyber Kill Chain Analysis

NSS Labs whitepaper titled "Microsoft EDGE Exploit"

In the last decade, we have seen a number of exploit kits emerge from the black market, all with the goal of spreading malicious content across the Internet. Cybercriminals and security companies have long been at odds, with one group seeking to spread malicious content over the Internet and profit from it, while the other works to make the Internet a secure environment within which people can safely share information. Many security researchers share their knowledge to educate and inform, but this information is also being used by cybercriminals to achieve their own nefarious goals.

Most breaches are caused by just a few hundred commercial exploit kits. Additionally, while the typical IT environment may have many unpatched vulnerabilities, at any given time, only a handful of these are being actively exploited.

In this paper, I will break down the chain of attack for the Microsoft EDGE exploit, which was captured by the NSS Labs Cyber Advanced Warning System. This paper is divided into four sections. The first section provides detailed information on the exploit kit itself. The second section analyzes the captured traffic in depth, providing deobfuscated versions of the original JavaScript. The third section discusses the difference between the code's original commit and its patch. The fourth section discusses the difference in time between when the code was reported and when it was patched.

To read more, download this white paper.
