As shown in my last talk on malware analysis, automatic malware detectors can be easily beaten by detecting their emulation layer. For example, malware can always call the Function.toString() method to check whether a given function has been replaced by the sandbox. Today I raise the bar a little: we'll switch the toString() method itself, in a way that is significantly harder for malware authors to detect.
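As an added example (not code from the post or from its GitHub repository), here is one way a Node.js analysis sandbox can perform that switch: it records which built-ins it hooked and answers toString() calls on them with the original function's source, while the replacement toString() reports the native one's source. Math.max and the logging callback are constructed stand-ins for whatever the sandbox instruments.

```javascript
// Added example, not the post's or the repo's code. A sandbox hooks built-ins
// to log what a sample calls; a hidden replacement of Function.prototype.toString
// keeps those hooks from showing up when the sample inspects function source.
// Math.max and the logger below are constructed stand-ins.

const nativeToString = Function.prototype.toString;

// Hooked function -> original function whose source should be reported instead.
const hooked = new WeakMap();

// Wrap obj[name] so every call is reported to onCall, then forwarded.
function hookFunction(obj, name, onCall) {
  const original = obj[name];
  const hook = function (...args) {
    onCall(name, args);
    return original.apply(this, args);
  };
  // Mirror arity and name, two more cheap tells a sample might compare.
  Object.defineProperty(hook, 'length', { value: original.length });
  Object.defineProperty(hook, 'name', { value: original.name });
  hooked.set(hook, original);
  obj[name] = hook;
  return hook;
}

// Hooked functions answer with the original's source ("function max() {
// [native code] }"); the replacement itself answers with the native toString's
// source, so neither fn.toString() nor toString.toString() reveals the switch.
function installStealthToString() {
  const stealth = function toString() {
    const target = hooked.get(this);
    return nativeToString.call(target === undefined ? this : target);
  };
  hooked.set(stealth, nativeToString);
  Object.defineProperty(Function.prototype, 'toString', {
    value: stealth, writable: true, enumerable: false, configurable: true,
  });
}

// Caveat: a toString taken from another realm (e.g. a fresh iframe) bypasses
// this, so the sandbox has to apply the same switch in every realm it creates.

// Demo: hook Math.max once, then look at what a sample would see.
function demo() {
  const calls = [];
  hookFunction(Math, 'max', (name, args) => calls.push(`${name}(${args.join(',')})`));
  installStealthToString();
  const result = Math.max(1, 5, 3);
  return { result, calls, source: String(Math.max),
           tsSource: Function.prototype.toString.toString() };
}
```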
Wednesday, June 16, 2010
Friday, June 11, 2010
Malicious Javascript talk - materials
I've published the talk from yesterday's OWASP meeting:
Slides (Polish): Creating, obfuscating and analyzing malicious JavaScript code

Update: English version

Slides (English): Creating, obfuscating and analyzing malware JavaScript

A/V recording of the talk - varlog.pl

Also - all the code from the demonstrations is now published on GitHub, so you can take a look for yourselves (there is even an additional attack I forgot while giving the talk). Thank you for all the kind words - I really appreciate it. Personally I found Pawel's talk much more interesting and I kept taking notes like crazy :) Congratulations to you, Pawel! I'd like to hear your critical feedback on the talk - what one thing could be changed to make it better, were the examples OK, or maybe there was some confusion here and there, which part was boring, etc. I'm still learning, although I must say that I really liked the subject presented.