Disdain is an exploit kit discovered in August 2017 by Peruvian security researcher David Montenegro. It is advertised on dark web hacking forums for rent on a daily, weekly, or monthly basis for $80, $500, and $1,400, respectively. The exploit kit is advertised as having the following capabilities:

  • Domain rotator
  • RSA key exchange for exploits
  • Panel server is untraceable from payload server
  • Geolocation
  • Browser and IP tracking
  • Scan domain

The exploit kit's renters redirect the victim's traffic to its landing page that then scans their browser and attempts to use exploits to install malware on their machine. Though Disdain has fewer exploits than other EKs, they are newer exploits that can be used against Microsoft Internet Explorer, Adobe Flash Player, Mozilla Firefox, and Microsoft Edge. It remains to be seen if this exploit kit will be used in any major campaign, such as a malvertising campaign or botnet, as its author, known as "Cehceny," is currently banned and marked as a scammer on at least one major dark web forum.


  • August 2017: New Disdain Exploit Kit Sold on Underground Hacking Forums. (BleepingComputer)

Technical Details

  • Insights provides technical analysis of the Disdain exploit kit, here.