I am wondering where I can find a good site with resources on reversing web malware like javascript, flash, html5, and any other stuff that is designed to attack the clients.
Does anyone have any good resources on this?
Asked
Active
Viewed 407 times
2 Answers
5
Check http://wepawet.iseclab.org/ is an online malware checker for URLs. It is worth reading their reports. A bit outdated but a good tool for hunting samples: http://malzilla.sourceforge.net/. Javascript deobfuscator: https://addons.mozilla.org/en-US/firefox/addon/javascript-deobfuscator/ and for a Javascript debugger look for Venkman or Firebug.
An online javascript "unpacker": http://jsunpack.jeek.org/dec/go and if you extract the shellcode you can emulate it on http://libemu.carnivore.it/
dgarcia
- 476
- 3
- 6
-
That's a good set of links. Speaking of JS obfuscation,you might also take a look at my OWASP talk about just that subject - http://www.slideshare.net/kkotowicz/owaspmaliciousjavascripten . I tried to describe various obfuscation techniques and ways that malware code could bypass detection by Jsunpack and other tools. – Krzysztof Kotowicz Sep 26 '11 at 23:52
3
http://blog.armorize.com/ and http://blog.sucuri.net/ are good references for this kind of thing.
john
- 10,968
- 1
- 36
- 43