random dross

Web security and beyond...

Browse by Tags

Tagged Content List
  • Blog Post: De-obfuscation using a standalone Javascript interpreter

    Mark Wodrich forwarded me this Websense blog post describing how to use a standalone Javascript interpreter to de-obfuscate some script. Thanks Mark!
  • Blog Post: eval() and document.write(), meet Execute and ExecuteGlobal

    Be on the lookout for these two VBScript statements that can be used to achieve the same effect as eval() and document.write(): Execute and ExecuteGlobal . Jonathan Ness pointed me to an exploit sample that was using Execute, presumably to trip up any eval() or document.write() dependent detection...
  • Blog Post: Recursive Obfuscation

    Thanks to Jonathan Ness for pointing me to an example of a new obfuscation technique that attempts to thwart the eval() à alert() trick . Take a look at the following obfuscation script: 1 <script> 2 function N(F,D) 3 { 4 if (!D) D = ' "#%()-./012348:;<=>@ACEGHILMOPRTVWY\\]_abcdefghijlmnopqrstuvwxyz...
  • Blog Post: High-bit ASCII obfuscation

    Here’s another new obfuscation technique I’ve seen in use on malicious web sites recently. Check out the following HTML: <html><meta http-equiv=content-type content='text/html; charset=us-ascii'></head><body>¼óãòéðô¾áìåòô¨¢Ôèéó éó óïíå ïâæõóãáôåä óãòéðô¡¢©»¼¯óãòéðô¾</body><...
  • Blog Post: Code length dependent obfuscation

    Wow, it’s been a long time! Hopefully I can find more time to blog over the next couple of months. In any event, my paper from last year really could use some updates. Among other things there are a whole new slew of “Usual Suspect” vulnerabilities to document. For this post I’ll focus on documenting...
  • Blog Post: Analyzing Browser Based Vulnerability Exploitation Incidents

    I've written up a paper that describes some useful tools/techniques for deconstructing web based exploits: Analyzing Browser Based Vulnerability Exploitation Incidents The paper started as a blog entry and it remains a blog entry at its core. But since really huge blog entries are uncool (so I...
Page 1 of 1 (6 items)