Impressive Javascript Encoder
There are many online Javascript encoder sites that enable you to obfuscate your Internet link or email address. Most of the Javascript encoders that I’ve seen don’t pose much of a challenge and are...
New Exploit Kit – EgyPack
First off, many thanks go out to Paul for doing all of the legwork on this new discovery! A new pack has emerged called EgyPack. The malicious link points to what looks like a JPEG file (careful, it...
Deobfuscating the Facebook Spam Script
The latest Facebook spam Javascript code was sent to me. Apparently there are two versions, one was obfuscated while the other wasn’t. Lucky me, I get the obfuscated one! My first thought was “wow,...
Meta(sploit) Pack
Some time ago, the Open Source Exploit Pack was released on some hacker forums. As the name implies, the author has intended for this to be open source and improved by others. Well, someone recently...
Hidden Malicious Redirector
Normally when you visit a webpage that’s been compromised, you can find the malicious redirect link (e.g. iframe, Javascript) by viewing the HTML source code. On this particular website, the malicious...
Black Hole Malvertisement Campaign
There’s yet another malvertisement that leads to Black Hole. This campaign is affecting a fairly popular site. The malicious script is linked from many of the site’s pages. Here’s a shot of the...
Javascript Deobfuscation Tools (Part 1)
Deobfuscating Javascript can be tricky, so why not make the job easier by using a tool? There are several tools that can help you deobfuscate Javascript. Before I get to those tools, I wanted to show you...
Javascript Deobfuscation Tools (Part 2)
In the previous article, I manually deobfuscated three malicious scripts. This time around, I’ll use publicly available tools to see which ones can tackle real-world obfuscated Javascript code. Here’s...
Playing Hide and Seek with Malicious Scripts
When I encounter a drive-by download that involves a compromised host, there will usually be a malicious script somewhere on the website. The “malicious script” could be a meta refresh tag, an iframe,...
Text Decoder Toolkit
Here’s a challenge for you: what does this decode to? T{4 G=C 9 I was asked by a couple of folks to help them decode this (this isn't the exact string but it's similar). This was from a CTF and they...