Jsunpack: An Automatic JavaScript Unpacker

<p>JavaScript is an advanced programming language that has many capabilities and libraries. Many attackers use JavaScript to exploit browsers because it allows them to dynamically control content, make additional HTTP requests and otherwise hide their activity. Attackers who exploit browser vulnerabilities quickly find new and clever ways to alter their code to subvert the latest defenses and make it more difficult or time consuming to decode. JavaScript exploits often affect users visiting infected or malicious sites. Usually, SQL-injection vulnerabilities that insert malicious scripts infect these sites. Less commonly, cross-site scripting (XSS) vulnerabilities, a less-serious type of vulnerability, deliver exploits to infect website visitors. The current state of JavaScript obfuscation and exploitation is difficult for analysts to keep up with. As a solution to this ongoing problem, jsunpack is one new tool that analysts can use to automatically unpack JavaScript.</p>

Presented by

Links