Jsunpack: A Solution To Decode Javascript Exploits As They Rapidly Evolve presented at ShmooCon 2009

by Blake Hartstein,

Tags: Security Community Exploitation Browser

Summary : Slides
JavaScript is an advanced programming language that has many capabilities and libraries. Many attackers use JavaScript to exploit browsers because it allows them to dynamically control content, make additional HTTP requests and otherwise hide their activity. Attackers who exploit browser vulnerabilities quickly find new and clever ways to alter their code to subvert the latest defenses and make it more difficult or time consuming to decode. JavaScript exploits often affect users visiting infected or malicious sites. Usually, SQL-injection vulnerabilities that insert malicious scripts infect these sites. Less commonly, cross-site scripting (XSS) vulnerabilities, a less-serious type of vulnerability, deliver exploits to infect website visitors. The current state of JavaScript obfuscation and exploitation is difficult for analysts to keep up with. As a solution to this ongoing problem, jsunpack is one new tool that analysts can use to automatically unpack JavaScript.
Blake Hartstein works on the Rapid Response team at iDefense, a Verisign company. At iDefense, he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. Prior to iDefense, Blake was an author of intrusion detection signatures and contributed to Emerging Threats, an open source community project that promotes a diverse Snort Signature set.