Jsunpack-network Edition Release: JavaScript Decoding and Intrusion Detection

ShmooCon VI - 2010

Presented by: Sean Palka
Date: Saturday February 06, 2010
Time: 10:00 - 11:00
Location: Back Room
Track: Build It!

Attackers using web exploits are always improving their attacks to make them more effective at exploiting the victim, better at avoiding detection, and generally more difficult for researchers to understand. While anti-virus products often try to detect malicious content by applying filters and finding hidden content, they generally do not help researchers because the only output they produce is a name indicating whether a file is malicious.

Jsunpack-n reports the vulnerabilities that attackers target along with full information about its decodings. Jsunpack-n contains many unique improvements over the jsunpack introduced at ShmooCon in 2009. The most notable are: release of full source code, the ability to use jsunpack-n to actively monitor network traffic (from an interface or a packet capture file), detection of malicious content using both customizable rules and built-in detection mechanisms, PDF and SWF decoding modules, and tree structures and URL tracking mechanisms.

Blake Hartstein

Blake Hartstein works on the Rapid Response team at iDefense, a Verisign company. At iDefense, he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. Prior to iDefense, Blake was an author of intrusion detection signatures and contributed to Emerging Threats, an open source community project that promotes a diverse Snort Signature set.

