SlideShare a Scribd company logo

Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi

C
Cysinfo Cyber Security Community

This document discusses techniques for analyzing obfuscated malicious web scripts. It begins by noting some limitations and objectives of the analysis. It then covers common obfuscation techniques used such as minification, visual noise, character encoding, and multiple layers of obfuscation. Methods for deobfuscation without wasting time are presented, such as using beautification tools and writing custom scripts. Specific tools are also highlighted that can aid in deobfuscation, like Didier Stevens tools and JavaScript analysis tools. Lastly, it discusses prevention best practices like keeping systems updated and avoiding unknown links/emails.

1 of 21
Download to read offline
Understanding and analyzing obfuscated malicious web scripts
HELLO! I am Vikram Kharvi Student@PESIT Intern@Deloitte-Cyber Risk Malware Analysis,Pen-Testing,Developer. You can find me at vikram984511@gmail.com 2
All about this session Note •Will not cover intent of exploit. •Will not cover reverse engineering. •We will be interested in what malicious script does and not how it does. Getting started with analysis of malicious script. Common obfuscation techniques used by Malicious script authors. Ways to deobfuscate scripts without wasting much time. Tools that can be used to deobfuscate scripts. Find this slide @ cysinfo.com 3
Getting started with analysis of malicious web scripts
MOBILE PROJECT Show and explain your web, app or software projects using these gadget templates. Place your screenshot here 5
Use Virtual Machines or Sandbox before visiting malicious site. 6
⊗ Always replace eval() with console.log() to understand what is being executed by Javascript. ⊗ Focus on try catch method in javascript. ⊗ Check for Evercookie for persistent data. https://github.com/samyk/evercookie 7
⊗ Flag iframes. ⊗ Flag CSS where you find visibility:false; or hidden. ⊗ Check for external links. ⊗ Flag DOM in JS 8
Obfuscation Techniques • Minification • Visual Noise • Function name/keyword substitution • Obscure language features (e.g. JS tuples) • Encoding/Encryption • Multiple levels of obfuscation • JavaScript obfuscation web sites 9
Minification • Remove whitespace from script. • Rename variables and functions with smaller names • JSCompress.com • To reformat use beautification tool like js -beautify beautify beautify or website. or website. 10
Visual Noise Increase difficulty of reading code without changing its functionality. •Spurious comments •Dead code •Long names •String splitting •Character substitution (e.g. replace) 11
Removing Visual Noise How to deobfuscate •Manually remove noise. •Write a script. •Extract meaningful code. 12
Character Encoding Encodings •Hex (just hex characters) •Backslash Hex (x<n>) https://www.obkb.com/dcljr/charstxt.html • Ampersand Hex(&H<n>) https://www.toptal.com/designers/htmlarrows/letters • Backslash Unicode (u<n>)https://en.wikipedia.org/wiki/List_of_Unicode_characters • Percent Unicode (%u<n>)https://en.wikipedia.org/wiki/List_of_Unicode_characters • Octal (<n>) 13
Deobfuscating Character Encoding • Normalize encoded chars to readable characters. • Didier Stevens tools (base64dump.py, numbers-to-string.py, etc.) https://remnux.org/ • Custom script 14
Deobfuscation Principles • Make the script do work. • Don’t sweat the details. • Beautify the script • Look for anything recognizable. • Peel back the layers. 15
Tools •oledump.py: Analyse Analyse MS Office files. •pdfid.py/pdf -parser.py: Analyze PDF files. •base64dump.py: Extract base64 and hex encoded strings •js -file/js -ascii(modified SpiderMonkey) Run JavaScript outside browser. 16
•urldecode.py •Strip_xml •Combine_strings •decode_chars.py: Decode mixed encodings. •js -beautify •Linux tools (grep, sed, awk awk, cut, etc.) More Tools 17
Demo 18
19Prevention and best practices ● Having a robust anti-virus or full security solution installed on their computers. ● Make sure to update the operating system with the latest security patches. ● Keeping all updates running on computer up-to-date and download updates on a regular basis as they are released to avoid vulnerabilities. ● Making it a habit to run regular full system scans to check for problems and remove them. ● Avoid clicking on links from websites of unknown origins or are embedded in the body of emails, especially in spam e-mails. ● Checking the redirection of links by hovering on top of the links, you can see where the links will redirect from the status bar. ● Installing security plugin opened by web browser, such as automatic blockage of JavaScript execution or force download activities. ● For Web administrators take a note on upgrading all web applications and monitoring them to locate any type of scripts that may have been inserted by third parties.
CREDITS Evan H Dygert Didier Stevens Monnappa K A 20 Thanks
THANKS! Any questions? You can find me at: vikram984511@gmail.com 21

Recommended

The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
Cysinfo Cyber Security Community
 
Veil-Ordnance
Veil-OrdnanceVeil-Ordnance
Veil-Ordnance
VeilFramework
 
Ever Present Persistence - Established Footholds Seen in the Wild
Ever Present Persistence - Established Footholds Seen in the WildEver Present Persistence - Established Footholds Seen in the Wild
Ever Present Persistence - Established Footholds Seen in the Wild
CTruncer
 
Wordlist Generation and Wifi Cracking
Wordlist Generation and Wifi CrackingWordlist Generation and Wifi Cracking
Wordlist Generation and Wifi Cracking
Shakar Bhattarai
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
Mehmet Ince
 
Async js
Async jsAsync js
Async js
lahin31
 
Generamba
GenerambaGeneramba
Generamba
Nicolae Ghimbovschi
 
Same-origin Policy (SOP)
Same-origin Policy (SOP)Same-origin Policy (SOP)
Same-origin Policy (SOP)
Netsparker
 

Recommended

The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
Cysinfo Cyber Security Community
 
Veil-Ordnance
Veil-OrdnanceVeil-Ordnance
Veil-Ordnance
VeilFramework
 
Ever Present Persistence - Established Footholds Seen in the Wild
Ever Present Persistence - Established Footholds Seen in the WildEver Present Persistence - Established Footholds Seen in the Wild
Ever Present Persistence - Established Footholds Seen in the Wild
CTruncer
 
Wordlist Generation and Wifi Cracking
Wordlist Generation and Wifi CrackingWordlist Generation and Wifi Cracking
Wordlist Generation and Wifi Cracking
Shakar Bhattarai
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
Mehmet Ince
 
Async js
Async jsAsync js
Async js
lahin31
 
Generamba
GenerambaGeneramba
Generamba
Nicolae Ghimbovschi
 
Same-origin Policy (SOP)
Same-origin Policy (SOP)Same-origin Policy (SOP)
Same-origin Policy (SOP)
Netsparker
 
The state of JavaScript Linting - English version
The state of JavaScript Linting - English versionThe state of JavaScript Linting - English version
The state of JavaScript Linting - English version
Michael Kühnel
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into It
CTruncer
 
0d1n
0d1n0d1n
0d1n
Antonio Costa aka Cooler_
 
WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resources
Antonio Costa aka Cooler_
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
Cysinfo Cyber Security Community
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
UTD Computer Security Group
 
Make CSRF Again
Make CSRF AgainMake CSRF Again
Make CSRF Again
Netsparker
 
Tdd using Jasmine and karma
Tdd using Jasmine and karmaTdd using Jasmine and karma
Tdd using Jasmine and karma
Siddharth Mishra
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
CTruncer
 
Static analysis for beginners
Static analysis for beginnersStatic analysis for beginners
Static analysis for beginners
Antonio Costa aka Cooler_
 
The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil Framework
VeilFramework
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
Anant Shrivastava
 
20151117 es lint
20151117 es lint20151117 es lint
20151117 es lint
Nakajima Shigeru
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf
Bipin Upadhyay
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
drewz lin
 
Hacking Vulnerable Websites to Bypass Firewalls
Hacking Vulnerable Websites to Bypass FirewallsHacking Vulnerable Websites to Bypass Firewalls
Hacking Vulnerable Websites to Bypass Firewalls
Netsparker
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
UTD Computer Security Group
 
Understand study
Understand studyUnderstand study
Understand study
Antonio Costa aka Cooler_
 
Server-Side JavaScript with Nashorn
Server-Side JavaScript with NashornServer-Side JavaScript with Nashorn
Server-Side JavaScript with Nashorn
Daniel Woods
 
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
Felipe Prado
 
Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
Kris Buytaert
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
Priyanka Aash
 

More Related Content

What's hot

The state of JavaScript Linting - English version
The state of JavaScript Linting - English versionThe state of JavaScript Linting - English version
The state of JavaScript Linting - English version
Michael Kühnel
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into It
CTruncer
 
0d1n
0d1n0d1n
0d1n
Antonio Costa aka Cooler_
 
WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resources
Antonio Costa aka Cooler_
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
Cysinfo Cyber Security Community
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
UTD Computer Security Group
 
Make CSRF Again
Make CSRF AgainMake CSRF Again
Make CSRF Again
Netsparker
 
Tdd using Jasmine and karma
Tdd using Jasmine and karmaTdd using Jasmine and karma
Tdd using Jasmine and karma
Siddharth Mishra
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
CTruncer
 
Static analysis for beginners
Static analysis for beginnersStatic analysis for beginners
Static analysis for beginners
Antonio Costa aka Cooler_
 
The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil Framework
VeilFramework
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
Anant Shrivastava
 
20151117 es lint
20151117 es lint20151117 es lint
20151117 es lint
Nakajima Shigeru
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf
Bipin Upadhyay
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
drewz lin
 
Hacking Vulnerable Websites to Bypass Firewalls
Hacking Vulnerable Websites to Bypass FirewallsHacking Vulnerable Websites to Bypass Firewalls
Hacking Vulnerable Websites to Bypass Firewalls
Netsparker
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
UTD Computer Security Group
 
Understand study
Understand studyUnderstand study
Understand study
Antonio Costa aka Cooler_
 
Server-Side JavaScript with Nashorn
Server-Side JavaScript with NashornServer-Side JavaScript with Nashorn
Server-Side JavaScript with Nashorn
Daniel Woods
 
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
Felipe Prado
 

What's hot (20)

The state of JavaScript Linting - English version
The state of JavaScript Linting - English versionThe state of JavaScript Linting - English version
The state of JavaScript Linting - English version
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into It
 
0d1n
0d1n0d1n
0d1n
 
WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resources
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
 
Make CSRF Again
Make CSRF AgainMake CSRF Again
Make CSRF Again
 
Tdd using Jasmine and karma
Tdd using Jasmine and karmaTdd using Jasmine and karma
Tdd using Jasmine and karma
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
 
Static analysis for beginners
Static analysis for beginnersStatic analysis for beginners
Static analysis for beginners
 
The State of the Veil Framework
The State of the Veil FrameworkThe State of the Veil Framework
The State of the Veil Framework
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
20151117 es lint
20151117 es lint20151117 es lint
20151117 es lint
 
[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf[Php Camp]Owasp Php Top5+Csrf
[Php Camp]Owasp Php Top5+Csrf
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
 
Hacking Vulnerable Websites to Bypass Firewalls
Hacking Vulnerable Websites to Bypass FirewallsHacking Vulnerable Websites to Bypass Firewalls
Hacking Vulnerable Websites to Bypass Firewalls
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
 
Understand study
Understand studyUnderstand study
Understand study
 
Server-Side JavaScript with Nashorn
Server-Side JavaScript with NashornServer-Side JavaScript with Nashorn
Server-Side JavaScript with Nashorn
 
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
DEF CON 27 - ALON WEINBERG - please inject me a x64 code injection
 

Similar to Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi

Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
Kris Buytaert
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
Priyanka Aash
 
AV Evasion with the Veil Framework
AV Evasion with the Veil FrameworkAV Evasion with the Veil Framework
AV Evasion with the Veil Framework
VeilFramework
 
Django dev-env-my-way
Django dev-env-my-wayDjango dev-env-my-way
Django dev-env-my-way
Robert Lujo
 
Web security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in BrowsersWeb security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in Browsers
Phú Phùng
 
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreA Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
CTruncer
 
Comment améliorer le quotidien des Développeurs PHP ?
Comment améliorer le quotidien des Développeurs PHP ?Comment améliorer le quotidien des Développeurs PHP ?
Comment améliorer le quotidien des Développeurs PHP ?
AFUP_Limoges
 
Coding for production
Coding for productionCoding for production
Coding for production
jehiah
 
Automated JavaScript Deobfuscation - PacSec 2007
Automated JavaScript Deobfuscation - PacSec 2007Automated JavaScript Deobfuscation - PacSec 2007
Automated JavaScript Deobfuscation - PacSec 2007
Stephan Chenette
 
InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017
Mandi Walls
 
Quality code in wordpress
Quality code in wordpressQuality code in wordpress
Quality code in wordpress
Ran Bar-Zik
 
How to write good quality code
How to write good quality codeHow to write good quality code
How to write good quality code
Hayden Bleasel
 
On the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangOn the Edge Systems Administration with Golang
On the Edge Systems Administration with Golang
Chris McEniry
 
Building Open-source React Components
Building Open-source React ComponentsBuilding Open-source React Components
Building Open-source React Components
Zack Argyle
 
Building Open-Source React Components
Building Open-Source React ComponentsBuilding Open-Source React Components
Building Open-Source React Components
Zack Argyle
 
Continuous feature-development
Continuous feature-developmentContinuous feature-development
Continuous feature-development
nhm taveer hossain khan
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
bugcrowd
 
Native Script Overview
Native Script OverviewNative Script Overview
Native Script Overview
Baskar rao Dsn
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Sysdig
 

Similar to Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi (20)

Pipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as CodePipeline as code for your infrastructure as Code
Pipeline as code for your infrastructure as Code
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
 
AV Evasion with the Veil Framework
AV Evasion with the Veil FrameworkAV Evasion with the Veil Framework
AV Evasion with the Veil Framework
 
Django dev-env-my-way
Django dev-env-my-wayDjango dev-env-my-way
Django dev-env-my-way
 
Web security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in BrowsersWeb security: Securing Untrusted Web Content in Browsers
Web security: Securing Untrusted Web Content in Browsers
 
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreA Battle Against the Industry - Beating Antivirus for Meterpreter and More
A Battle Against the Industry - Beating Antivirus for Meterpreter and More
 
Comment améliorer le quotidien des Développeurs PHP ?
Comment améliorer le quotidien des Développeurs PHP ?Comment améliorer le quotidien des Développeurs PHP ?
Comment améliorer le quotidien des Développeurs PHP ?
 
Coding for production
Coding for productionCoding for production
Coding for production
 
Automated JavaScript Deobfuscation - PacSec 2007
Automated JavaScript Deobfuscation - PacSec 2007Automated JavaScript Deobfuscation - PacSec 2007
Automated JavaScript Deobfuscation - PacSec 2007
 
InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017InSpec For DevOpsDays Amsterdam 2017
InSpec For DevOpsDays Amsterdam 2017
 
Quality code in wordpress
Quality code in wordpressQuality code in wordpress
Quality code in wordpress
 
How to write good quality code
How to write good quality codeHow to write good quality code
How to write good quality code
 
On the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangOn the Edge Systems Administration with Golang
On the Edge Systems Administration with Golang
 
Building Open-source React Components
Building Open-source React ComponentsBuilding Open-source React Components
Building Open-source React Components
 
Building Open-Source React Components
Building Open-Source React ComponentsBuilding Open-Source React Components
Building Open-Source React Components
 
Continuous feature-development
Continuous feature-developmentContinuous feature-development
Continuous feature-development
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
 
Native Script Overview
Native Script OverviewNative Script Overview
Native Script Overview
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
 
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
 

More from Cysinfo Cyber Security Community

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
Cysinfo Cyber Security Community
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Cysinfo Cyber Security Community
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
Cysinfo Cyber Security Community
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
Cysinfo Cyber Security Community
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Cysinfo Cyber Security Community
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
Cysinfo Cyber Security Community
 
Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
Cysinfo Cyber Security Community
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k aUnderstanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
Cysinfo Cyber Security Community
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasaraoSecurity challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
Cysinfo Cyber Security Community
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
Cysinfo Cyber Security Community
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muraleeDynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
Cysinfo Cyber Security Community
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleyaBit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
Cysinfo Cyber Security Community
 
Security Analytics using ELK stack
Security Analytics using ELK stack Security Analytics using ELK stack
Security Analytics using ELK stack
Cysinfo Cyber Security Community
 
Linux Malware Analysis
Linux Malware Analysis Linux Malware Analysis
Linux Malware Analysis
Cysinfo Cyber Security Community
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
Cysinfo Cyber Security Community
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
Cysinfo Cyber Security Community
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack XXE - XML External Entity Attack
XXE - XML External Entity Attack
Cysinfo Cyber Security Community
 
Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis
Cysinfo Cyber Security Community
 
POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?
Cysinfo Cyber Security Community
 

More from Cysinfo Cyber Security Community (20)

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
 
Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k aUnderstanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasaraoSecurity challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muraleeDynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr siddharth muralee
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleyaBit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
 
Security Analytics using ELK stack
Security Analytics using ELK stack Security Analytics using ELK stack
Security Analytics using ELK stack
 
Linux Malware Analysis
Linux Malware Analysis Linux Malware Analysis
Linux Malware Analysis
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
 
XXE - XML External Entity Attack
XXE - XML External Entity Attack XXE - XML External Entity Attack
XXE - XML External Entity Attack
 
Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis Image (PNG) Forensic Analysis
Image (PNG) Forensic Analysis
 
POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?
 

Recently uploaded

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 

Recently uploaded (20)

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 

Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi

  • 2. HELLO! I am Vikram Kharvi Student@PESIT Intern@Deloitte-Cyber Risk Malware Analysis,Pen-Testing,Developer. You can find me at vikram984511@gmail.com 2
  • 3. All about this session Note •Will not cover intent of exploit. •Will not cover reverse engineering. •We will be interested in what malicious script does and not how it does. Getting started with analysis of malicious script. Common obfuscation techniques used by Malicious script authors. Ways to deobfuscate scripts without wasting much time. Tools that can be used to deobfuscate scripts. Find this slide @ cysinfo.com 3
  • 4. Getting started with analysis of malicious web scripts
  • 5. MOBILE PROJECT Show and explain your web, app or software projects using these gadget templates. Place your screenshot here 5
  • 6. Use Virtual Machines or Sandbox before visiting malicious site. 6
  • 7. ⊗ Always replace eval() with console.log() to understand what is being executed by Javascript. ⊗ Focus on try catch method in javascript. ⊗ Check for Evercookie for persistent data. https://github.com/samyk/evercookie 7
  • 8. ⊗ Flag iframes. ⊗ Flag CSS where you find visibility:false; or hidden. ⊗ Check for external links. ⊗ Flag DOM in JS 8
  • 9. Obfuscation Techniques • Minification • Visual Noise • Function name/keyword substitution • Obscure language features (e.g. JS tuples) • Encoding/Encryption • Multiple levels of obfuscation • JavaScript obfuscation web sites 9
  • 10. Minification • Remove whitespace from script. • Rename variables and functions with smaller names • JSCompress.com • To reformat use beautification tool like js -beautify beautify beautify or website. or website. 10
  • 11. Visual Noise Increase difficulty of reading code without changing its functionality. •Spurious comments •Dead code •Long names •String splitting •Character substitution (e.g. replace) 11
  • 12. Removing Visual Noise How to deobfuscate •Manually remove noise. •Write a script. •Extract meaningful code. 12
  • 13. Character Encoding Encodings •Hex (just hex characters) •Backslash Hex (x<n>) https://www.obkb.com/dcljr/charstxt.html • Ampersand Hex(&H<n>) https://www.toptal.com/designers/htmlarrows/letters • Backslash Unicode (u<n>)https://en.wikipedia.org/wiki/List_of_Unicode_characters • Percent Unicode (%u<n>)https://en.wikipedia.org/wiki/List_of_Unicode_characters • Octal (<n>) 13
  • 14. Deobfuscating Character Encoding • Normalize encoded chars to readable characters. • Didier Stevens tools (base64dump.py, numbers-to-string.py, etc.) https://remnux.org/ • Custom script 14
  • 15. Deobfuscation Principles • Make the script do work. • Don’t sweat the details. • Beautify the script • Look for anything recognizable. • Peel back the layers. 15
  • 16. Tools •oledump.py: Analyse Analyse MS Office files. •pdfid.py/pdf -parser.py: Analyze PDF files. •base64dump.py: Extract base64 and hex encoded strings •js -file/js -ascii(modified SpiderMonkey) Run JavaScript outside browser. 16
  • 17. •urldecode.py •Strip_xml •Combine_strings •decode_chars.py: Decode mixed encodings. •js -beautify •Linux tools (grep, sed, awk awk, cut, etc.) More Tools 17
  • 19. 19Prevention and best practices ● Having a robust anti-virus or full security solution installed on their computers. ● Make sure to update the operating system with the latest security patches. ● Keeping all updates running on computer up-to-date and download updates on a regular basis as they are released to avoid vulnerabilities. ● Making it a habit to run regular full system scans to check for problems and remove them. ● Avoid clicking on links from websites of unknown origins or are embedded in the body of emails, especially in spam e-mails. ● Checking the redirection of links by hovering on top of the links, you can see where the links will redirect from the status bar. ● Installing security plugin opened by web browser, such as automatic blockage of JavaScript execution or force download activities. ● For Web administrators take a note on upgrading all web applications and monitoring them to locate any type of scripts that may have been inserted by third parties.
  • 20. CREDITS Evan H Dygert Didier Stevens Monnappa K A 20 Thanks
  • 21. THANKS! Any questions? You can find me at: vikram984511@gmail.com 21