Nao_sec provides cyber security research dedicated to Exploit Kits. In campaigns that include Exploit Kits, landing pages with malicious code are used in an attempt to exploit a specific vulnerability on the victim's device.


Nao_sec's research includes information on recent and active Exploit Kits, including the GrandSoft Exploit Kit, reported January 2018 and distributing GandCrab ransomware by Malwarebytes.

To enable Nao_sec's data on your firewall, turn on the Nao Sec – IPs and Nao Sec - Domains in the ThreatSTOP portal. If TS Curated - Drive-by Attacks is not already in your policy, we highly advise adding it to protect yourself from these kind of attacks.

If you don’t have a ThreatSTOP account are interested in what we do, check out a quick demo here.

If you do have a ThreatSTOP account, instructions to add targets to DNS or IP Defense policies are available on the ThreatSTOP Documentation Hub. Or, contact our Support.