Jsunpack: An Automatic JavaScript Unpacker

ShmooCon V - 2009

Presented by: Sean Palka
Date: Sunday February 08, 2009
Time: 12:00 - 13:00
Location: Front Room
Track: Build It!

<p>JavaScript is an advanced programming language that has many capabilities and libraries. Many attackers use JavaScript to exploit browsers because it allows them to dynamically control content, make additional HTTP requests and otherwise hide their activity. Attackers who exploit browser vulnerabilities quickly find new and clever ways to alter their code to subvert the latest defenses and make it more difficult or time consuming to decode. JavaScript exploits often affect users visiting infected or malicious sites. Usually, SQL-injection vulnerabilities that insert malicious scripts infect these sites. Less commonly, cross-site scripting (XSS) vulnerabilities, a less-serious type of vulnerability, deliver exploits to infect website visitors. The current state of JavaScript obfuscation and exploitation is difficult for analysts to keep up with. As a solution to this ongoing problem, jsunpack is one new tool that analysts can use to automatically unpack JavaScript.</p>

Links

Blake Hartstein

Blake Hartstein works on the Rapid Response team at iDefense, a Verisign company. At iDefense, he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. Prior to iDefense, Blake was an author of intrusion detection signatures and contributed to Emerging Threats, an open source community project that promotes a diverse Snort Signature set.</p>


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats