Author Topic: JavaScript De-obfuscation Techniques  (Read 8195 times)


September 05, 2007, 10:45:26 pm

sowhat-x

  • Guest
A handy list of online semi-tutorials
on how to de-obfuscate JavaScript in webpages
and see where hidden malware originates, what it does, etc.

Daniel Wesemann (SANS)
===================
http://handlers.sans.org/dwesemann/decode/

SANS Internet Storm Center
=====================
http://isc2.sans.org/diary.html?storyid=2268
http://isc2.sans.org/diary.html?storyid=2358
http://isc.sans.org/diary.html?storyid=3219
http://isc.sans.org/diary.html?storyid=1519

Websense Labs
============
http://www.websense.com/securitylabs/blog/blog.php?BlogID=86
http://www.websense.com/securitylabs/blog/blog.php?BlogID=98

PandaLabs
========
http://pandalabs.pandasecurity.com/archive/JavaScript-de_2D00_obfuscation-with-Rhino.aspx
Also check out the very nice paper that is mentioned in Panda's analysis, by Jose Nazario,
called "Reverse Engineering Malicious Javascript" - here's a direct link to it:
http://cansecwest.com/slides07/csw07-nazario.pdf

Finally, a short intro on how to de-obfuscate VBScript,
from the SANS people again ;-)
http://isc.sans.org/diary.html?storyid=3351

July 11, 2008, 09:28:27 am
Reply #1

sowhat-x

  • Guest

July 11, 2008, 04:10:22 pm
Reply #2

cjeremy

  • Special Members
  • Full Member


July 11, 2008, 04:13:54 pm
Reply #3

sowhat-x

  • Guest
Seems like they moved the page to their 'archive' or so...fixed -> working link above ;-)