- The document discusses JavaScript obfuscation, which is the concealment of intended meaning in JavaScript code to make it confusing and difficult to interpret.
- It covers topics like what obfuscation is, why developers create obfuscated code, JavaScript obfuscation techniques like encoding, hiding variables and eval, and tools that can generate obfuscated code.
- The presenter is an information security professional with over 8 years of experience who enjoys programming in languages like JavaScript, Python and .NET.
2. Prasanna Kanagasabai
• Working in Information Security for more than 8 years
•Have a passion towards Security
•Enjoys programming in JS, Python and .NET
3. Topics to be covered
• JavaScript
• JavaScript Obfuscation
• JavaScript De-Obfuscation Techniques
4. What is Obfuscation
<pre>
function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase();
if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != -'Z'[720094129..toString(16<<1)+""]) {
return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0x72,0x46,0x53); }
if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) {
return (-~-~-~'Nday'[720094129..toString(1<<5)+""]<(-~-~'bp'[720094129..toString(2<<4)+""]*010+2)
?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })()
:String.fromCharCode(106,0x67,0143,120,117)); }
}
</pre>
JavaScript : Attack & Defense
5. Obfuscation
Obfuscation is the concealment of intended meaning in communication, making
communication confusing, intentionally ambiguous, and more difficult to interpret.
--Wikipedia definition
• Art of Hiding Execution from plain text
6. JavaScript
• Loosely Typed Language
• Gibberish-looking data can convey valid information
• Web depends on JS
• Mostly used on the client side, but recently server-side implementations like node.js are becoming famous
Sample:
function factorial(n) {
  if (n === 0) { return 1; }
  return n * factorial(n - 1);
}
11. JavaScript Strings
• 1. "I am a normal string" -- Normal String
• 2. 'I am a normal string' -- Normal String
• 3. /I am a regex string/+'' -- Regex Strings
• 4. /I am a regex string/.source -- Regex Source facility
• 5. ['I am a String']+[] -- Square notation to access string.
• 6. "this is a
Multiple line string"
• JavaScript provides various methods to create strings
• Strings play a very major role in obfuscation
• Some implementations can be browser specific only
13. Regular Expressions (RE)
• What are Regular Expressions?
• Browsers support RE as a function and arguments to it.
• The result is either the first match or, if parentheses are used, the result is stored in an array.
14. Comments
• // is a single-line comment
• /**/ is a multi-line comment.
• JavaScript supports <!---> HTML comments inline in JavaScript.
15. Escapes
• Allow adding characters outside the ASCII charset to the code without breaking the code
• / is an example of an escape
19. JavaScript Variables
• variables can be used to store values
• Can be defined with or without “var”
• 1. Alphanumeric characters
• 2. numbers except the first character
• 3. _ and $
• 4. Unicode characters
20. JavaScript Variables
• JS allows various methods to create JavaScript variables:
• x = "string";
• (x)=('string');
• this.x='string';
• x ={'a':'string'}.a;
• [x,y,z]=['str1','str2','str3'];
• x=/z(.*)/('zstring')[1];x='string';
• x=1?'string':0
An old version of a well-known WAF used to detect:
x = alert(1);eval(x);
But not this:
x=1?'al'+'ert(1)':0;eval(x);
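The detection gap described on this slide comes from matching a signature against the raw text. The following is an added example, not code from the presentation or from any WAF: it folds adjacent string literals before matching, and the rule `NAIVE_SIGNATURE` and the function names are hypothetical.

```javascript
// Added example, not from the slides. NAIVE_SIGNATURE is a hypothetical rule,
// not any real WAF's; the inputs below are constructed from slide 20.
const NAIVE_SIGNATURE = /alert\s*\(/;

// Fold 'a'+'b' into 'ab' (same quote style only) until nothing changes.
// A regex folder is an approximation; a parser-based constant folder is
// what a production normaliser would use.
function foldStringConcats(script) {
  const pair = /(['"])((?:\\.|(?!\1)[^\\])*)\1\s*\+\s*\1((?:\\.|(?!\1)[^\\])*)\1/;
  let previous;
  do {
    previous = script;
    script = script.replace(pair, '$1$2$3$1');
  } while (script !== previous);
  return script;
}

// Report whether the rule fires on the raw text and on the normalised text.
function inspect(script) {
  return {
    raw: NAIVE_SIGNATURE.test(script),
    normalised: NAIVE_SIGNATURE.test(foldStringConcats(script)),
  };
}

// Constructed sample inputs.
const DIRECT = "x = alert(1);eval(x);";
const SPLIT = "x=1?'al'+'ert(1)':0;eval(x);";
const SPLIT_THREE = 'x="a"+"le"+"rt(1)";eval(x);';
```

The rule fires on `SPLIT` and `SPLIT_THREE` only after normalisation, which is the difference between the two WAF behaviours the slide contrasts.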
21. Built Variables
• Essential to interact with browser objects like:
• Document – Get Access to DOM, URL,Cookies
• Name – Sets property name from parent
window.
• Location.hash
• The URL variable
22. Alpha Numeric JS
• Creating a JavaScript snippet without any alphanumeric characters
(+[][+[]]+[])[++[[]][+[]]] = "a"
Detailed steps:
1. +[] = 0
2. [+[]] = 0 inside an object accessor
3. [][+[]] = a blank array accessed at index 0, which yields 'undefined'
23. Alpha Numeric JS
4. +[][+[]] = We use the unary operator + to perform a mathematical operation on the result of the previous operation, which results in NaN (Not a Number)
We now have to extract the middle 'a' from the result:
1. (+[][+[]]+[]) = "NaN" as a string
2. ++[[]][+[]] = 1 (quirk by oxotonick)
3. (+[][+[]]+[])[++[[]][+[]]] = 'a'
24. Alpha Numeric JS
• Let's try 'l'
• We can find 'l' in "false"
• Fact: ''==0 will be true; the opposite of this is false
• ([![]]+[]) == "false"
• ++[++[[]][+[]]][+[]] Use the previous quirk to get 2
• Combine them to create 'l'
• ([![]]+[])[++[++[[]][+[]]][+[]]] == 'l'
25. Alpha Numeric JS
• Now for 'e'
• We could use "true" or "false", but we will use "true" as its 'e' is closer, thus reducing complication
• [!![]]+[] = "true"
• ++[++[++[[]][+[]]][+[]]][+[]] = 3
• ([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]] = 'e'
26. Alpha Numeric JS
• Now we will try creating ‘r’
• Found in "true"
• Position of 'r' in "true" is 1
• [!![]]+[] = "true"
• ++[[]][+[]] = 1
• ([!![]]+[])[++[[]][+[]]] = 'r'
27. Alpha Numeric JS
• Now we will try ‘t’
• 't' is in "true"
• Position is 0
• [!![]]+[] = "true"
• [+[]] = 0
• ([!![]]+[])[+[]] = 't'
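The derivation on slides 22 to 27 can be checked by an analyst without handing the expressions to a JavaScript engine. The following is an added example, not code from the presentation: a small evaluator for the `[]()!+` subset, where `decodeSymbolic`, `SLIDE_A` and `SLIDE_L` are names chosen here.

```javascript
// Static decoder for the []()!+ subset (added example, not from the slides).
// No eval is used and inherited properties are refused, so nothing is executed.
function decodeSymbolic(src) {
  const tokens = [];
  for (const m of src.matchAll(/\+\+|[\[\]()!+]|\s+|(.)/g)) {
    if (m[1]) throw new Error('unexpected character: ' + m[1]);
    if (m[0].trim()) tokens.push(m[0]);
  }
  let pos = 0;
  const peek = () => tokens[pos];
  const expect = (t) => { if (tokens[pos++] !== t) throw new Error('expected ' + t); };
  function additive() {                 // unary ('+' unary)*
    let left = unary();
    while (peek() === '+') { pos++; left = left + unary(); }
    return left;
  }
  function unary() {
    if (peek() === '!') { pos++; return !unary(); }
    if (peek() === '+') { pos++; return +unary(); }
    if (peek() === '++') { pos++; return Number(member()) + 1; }
    return member();
  }
  function member() {                   // primary ('[' key ']')*
    let value = primary();
    while (peek() === '[') {
      pos++;
      const key = String(additive());
      expect(']');
      if (value == null) throw new TypeError('cannot index ' + value);
      const own = Object.prototype.hasOwnProperty.call(Object(value), key);
      if (!own && key in Object(value)) throw new Error('inherited property refused: ' + key);
      value = own ? value[key] : undefined;
    }
    return value;
  }
  function primary() {
    if (peek() === '(') { pos++; const v = additive(); expect(')'); return v; }
    expect('[');
    const items = peek() === ']' ? [] : [additive()];  // empty or one-element literal
    expect(']');
    return items;
  }
  const result = additive();
  if (pos !== tokens.length) throw new Error('trailing tokens');
  return result;
}
// Expressions for 'a' and 'l' as printed on slides 23 and 24.
const SLIDE_A = '(+[][+[]]+[])[++[[]][+[]]]';
const SLIDE_L = '([![]]+[])[++[++[[]][+[]]][+[]]]';
```

Because only own properties such as indexes and `length` are readable, an input that tries to walk to a constructor is rejected with an error instead of being decoded.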
28.
29. Tools To Create Obfuscated Code
1. Strong Knowledge of JavaScript
2. Firebug or Chrome developer tools
3. SpiderMonkey
4. Imagination …..
30. Thanks
• I would like to thank the following people for all the knowledge they put out in the WORLD
• Gareth Heyes
• Mario Heiderich