Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: sowhat-x on September 05, 2007, 10:45:26 pm

Title: JavaScript De-obfuscation Techniques
Post by: sowhat-x on September 05, 2007, 10:45:26 pm
A handy list of online semi-tutorials
on how to de-obfuscate JavaScript in webpages
and see where hidden malware originates, what it does, etc.

Daniel Wesemann (SANS)
===================
http://handlers.sans.org/dwesemann/decode/

SANS Internet Storm Center
=====================
http://isc2.sans.org/diary.html?storyid=2268
http://isc2.sans.org/diary.html?storyid=2358
http://isc.sans.org/diary.html?storyid=3219
http://isc.sans.org/diary.html?storyid=1519

Websense Labs
============
http://www.websense.com/securitylabs/blog/blog.php?BlogID=86
http://www.websense.com/securitylabs/blog/blog.php?BlogID=98

PandaLabs
========
http://pandalabs.pandasecurity.com/archive/JavaScript-de_2D00_obfuscation-with-Rhino.aspx
Also check out the very nice paper mentioned in Panda's analysis, by Jose Nazario,
called "Reverse Engineering Malicious Javascript" - here's a direct link to it:
http://cansecwest.com/slides07/csw07-nazario.pdf

Finally, a short intro on how to de-obfuscate VBScript,
from the SANS people again ;-)
http://isc.sans.org/diary.html?storyid=3351

Title: Re: JavaScript De-obfuscation Techniques
Post by: sowhat-x on July 11, 2008, 09:28:27 am
One more 'tutorial' that I've just stumbled upon:
http://www.totalmalwareinfo.com/en/index.php?title=Obfuscation_methods_in_malicious_Java_scripts

Title: Re: JavaScript De-obfuscation Techniques
Post by: cjeremy on July 11, 2008, 04:10:22 pm
This link is 404 for me:
http://pandalabs.pandasecurity.com/JavaScript-de_2D00_obfuscation-with-Rhino.aspx

Title: Re: JavaScript De-obfuscation Techniques
Post by: sowhat-x on July 11, 2008, 04:13:54 pm
Seems like they moved the page to their 'archive' or so... fixed -> working link above ;-)