Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Javascript obfuscators used in the wild - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Javascript obfuscators used in the wild

I have been doing some research on Javascript obfuscators.  Various handlers have done stories in the past on how to reverse engineer obfuscated javascript that does evil things.  But I would be interested in hearing what kind of obfuscators people have been finding being used in the wild.  Are you able to identify the obfuscator just by looking at it?  What are the hardest off-the-shelf obfuscators to reverse-engineer?  I will collect responses and post them throughout the day (unless you wish the information to remain private).

-Kyle Haugsness

Kyle

112 Posts
The Dean Edwards Packer is used quite a bit for packing/obfuscating scripts. Additionally stunnix is used quite a bit too.

Both of these can be identified.
Anonymous
I'm not sure how to identify a given packer/obfuscator; JSUnpack (http://jsunpack.jeek.org/dec/go) takes care of them all, though. I've never met a script it couldn't handle.
computerfreaker

4 Posts

Sign Up for Free or Log In to start participating in the conversation!