Web Attacks using Obfuscated JavaScript Techniques

•Download as PPTX, PDF•

0 likes•635 views

Amol Kamble

Web attacks using obfuscated script

Software

Web Attacks using
Obfuscated JavaScript
Amol Kamble

“ Code obfuscation is the practice of
making code unintelligible , or at the
very least, hard to understand ”
“General code obfuscation techniques
aim to confuse the understanding of
the way in which program functions.”

Who use the Code Obfuscation?
code obfuscation is used to protect
intellectual property by software
companies.
it is also used extensively by authors
of malicious code to avoid detection
from virus scanner.

Different Obfuscation Techniques
Randomization Obfuscation
Data Obfuscation
Encoding Obfuscation
Logic Structure Obfuscation

Use of Scripts In Web
Information Validation
Event Handling
Changing Web Content
Dynamically
Business Logic Implementation

Use of Scripts by the Web
Attacker
Information Loss
Download Malicious Code
Redirect to Another Malicious
Website
Doing something Behalf of User
Calling Native Function

How antivirus software works
Signature-based detection
Behavioral detection
String pattern Matching
Emulator or Virual Browser

How antivirus Deal with
Malicious Obfuscated Script

How antivirus Deal with
Malicious Obfuscated Script
Deobfuscate the Script and
Check for virus Signature
Don’t Allowed any Obfuscated
Script

How antivirus Deal with
Malicious Obfuscated Script
Run Script in Virtual Browser and
Check Script Behaviour
Deobfusated the Script and
Check Semantics of Instrution in
Script

What's hot

Web application security: Threats & CountermeasuresAung Thu Rha Hein

Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”Capgemini

Information on Brute Force AttackHTS Hosting

Is your app secureChathuranga Bandara

A8 cross site request forgery (csrf) it 6873 presentationAlbena Asenova-Belal

Identifying XSS Vulnerabilitiesn|u - The Open Security Community

Web Application SecurityColin English

Search AttacksAung Khant

A7 Missing Function Level Access Controlstevil1224

Xss attackManjushree Mashal

Understanding Cross-site Request ForgeryDaniel Miessler

2014 Threat Detection Checklist: Six ways to tell a criminal from a customerEMC

CSRF Basicsn|u - The Open Security Community

Cross Site Request Forgery (CSRF) Scripting ExplainedValency Networks

Secure Code Warrior - AuthenticationSecure Code Warrior

The Quiet Rise of Account TakeoverIMMUNIO

Abusing Google Apps and Data API: Google is My Command and Control CenterAjin Abraham

Exploiting parameter tempering attack in web applicationVishal Kumar

A security note for web developersJohn Ombagi

What's hot (19)

Web application security: Threats & Countermeasures

Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”

Information on Brute Force Attack

Is your app secure

A8 cross site request forgery (csrf) it 6873 presentation

Identifying XSS Vulnerabilities

Web Application Security

Search Attacks

A7 Missing Function Level Access Control

Xss attack

Understanding Cross-site Request Forgery

2014 Threat Detection Checklist: Six ways to tell a criminal from a customer

CSRF Basics

Cross Site Request Forgery (CSRF) Scripting Explained

Secure Code Warrior - Authentication

The Quiet Rise of Account Takeover

Abusing Google Apps and Data API: Google is My Command and Control Center

Exploiting parameter tempering attack in web application

A security note for web developers

Viewers also liked

Welcome to the United States: An Acculturation ConversationSuzanne M. Sullivan

The (In)Security of Topology Discovery in Software Defined NetworksTalal Alharbi

Ajit-Legiment_Techniquesguest66dc5f

VMRay intro videoChad Loeven

Automated JavaScript Deobfuscation - PacSec 2007Stephan Chenette

Code obfuscation, php shells & moreMattias Geniar

A combined approach to search for evasion techniques in network intrusion det...eSAT Journals

Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon YangLyon Yang

ASFWS 2011 : Code obfuscation: Quid Novi ?Cyber Security Alliance

blur-me-recsystalkSmriti Bhagat

Topics in network securityNasir Bhutta

New techniques in sql obfuscation, from DEFCON 20Nick Galbreath

Bsides to 2016-penetration-testingHaydn Johnson

BeEF_EUSecWest-2012_Michele-OrruMichele Orru

SENIOR MATERIAL ENGINEER WITH 5 YEARS OF EXPERIENCESangeetha Sankaramahadev

On deobfuscation in practiceDmitry Schelkunov

Purple teaming Cyber Kill ChainHaydn Johnson

Code obfuscationAmol Kamble

Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)

Syllabus Advanced Exploit Development 22-23 June 2013Dan H

Viewers also liked (20)

Welcome to the United States: An Acculturation Conversation

The (In)Security of Topology Discovery in Software Defined Networks

Ajit-Legiment_Techniques

VMRay intro video

Automated JavaScript Deobfuscation - PacSec 2007

Code obfuscation, php shells & more

A combined approach to search for evasion techniques in network intrusion det...

Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang

ASFWS 2011 : Code obfuscation: Quid Novi ?

blur-me-recsystalk

Topics in network security

New techniques in sql obfuscation, from DEFCON 20

Bsides to 2016-penetration-testing

BeEF_EUSecWest-2012_Michele-Orru

SENIOR MATERIAL ENGINEER WITH 5 YEARS OF EXPERIENCE

On deobfuscation in practice

Purple teaming Cyber Kill Chain

Code obfuscation

Penetration testing dont just leave it to chance

Syllabus Advanced Exploit Development 22-23 June 2013

Similar to Web Attacks using Obfuscated JavaScript Techniques

WEB APPLICATION SECURITYyashwanthlavu

Do it-yourself-auditsJohann-Peter Hartmann

Web Application VulnerabilitiesPreetish Panda

Penetration Testing BasicsRick Wanner

Analysis Of Adverarial Code - The Role of Malware KitsRahul Mohandas

Spiceworld 2011 - AppRiver breakout sessionShane Rice

Common Web Application Attacks Ahmed Sherif

Cyber pptkarthik menon

Software Birthmark Based Theft/Similarity Comparisons of JavaScript ProgramsSwati Patel

Developers’ mDay 2021: Goran Kunjadić, Cyber security, cryptography and DPO e...mCloud

WEB APPLICATION SECURITYyashwanthlavu

ChongLiu-MaliciousURLDetectionDaniel Liu

A DevOps Guide to Web Application SecurityImperva Incapsula

Application-security-Javascript.pptxDBALLIANCE Ltd UK

website vulnerability scanner and reporter research paperBhagyashri Chalakh

A Survey of Keylogger in Cybersecurity Educationijtsrd

Security testautomationLinkesh Kanna Velu

Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar

Web Security - IntroductionSQALab

Web Security - Introduction v.1.3Oles Seheda

Similar to Web Attacks using Obfuscated JavaScript Techniques (20)

WEB APPLICATION SECURITY

Do it-yourself-audits

Web Application Vulnerabilities

Penetration Testing Basics

Analysis Of Adverarial Code - The Role of Malware Kits

Spiceworld 2011 - AppRiver breakout session

Common Web Application Attacks

Cyber ppt

Software Birthmark Based Theft/Similarity Comparisons of JavaScript Programs

Developers’ mDay 2021: Goran Kunjadić, Cyber security, cryptography and DPO e...

WEB APPLICATION SECURITY

ChongLiu-MaliciousURLDetection

A DevOps Guide to Web Application Security

Application-security-Javascript.pptx

website vulnerability scanner and reporter research paper

A Survey of Keylogger in Cybersecurity Education

Security testautomation

Website hacking and prevention (All Tools,Topics & Technique )

Web Security - Introduction

Web Security - Introduction v.1.3

Recently uploaded

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110

why an Opensea Clone Script might be your perfect match.pdfjoe51371421

HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai

Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH

What is Binary Language? Computer Number SystemsJheuzeDellosa

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.

DNT_Corporate presentation know about usDynamic Netsoft

What is Fashion PLM and Why Do You Need ItWave PLM

chapter--4-software-project-planning.pptkotipi9215

The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171

ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin

Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq

Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08

Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS

Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy

Professional Resume Template for Software DevelopersVinodh Ram

Recently uploaded (20)

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...

why an Opensea Clone Script might be your perfect match.pdf

HR Software Buyers Guide in 2024 - HRSoftware.com

Der Spagat zwischen BIAS und FAIRNESS (2024)

What is Binary Language? Computer Number Systems

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data

DNT_Corporate presentation know about us

What is Fashion PLM and Why Do You Need It

chapter--4-software-project-planning.ppt

The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf

ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...

Salesforce Certified Field Service Consultant

Unit 1.1 Excite Part 1, class 9, cbse...

Cloud Management Software Platforms: OpenStack

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Hand gesture recognition PROJECT PPT.pptx

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Professional Resume Template for Software Developers

Web Attacks using Obfuscated JavaScript Techniques

1. Web Attacks using Obfuscated JavaScript Amol Kamble

2. “ Code obfuscation is the practice of making code unintelligible , or at the very least, hard to understand ” “General code obfuscation techniques aim to confuse the understanding of the way in which program functions.”

3. Who use the Code Obfuscation? code obfuscation is used to protect intellectual property by software companies. it is also used extensively by authors of malicious code to avoid detection from virus scanner.

4. Different Obfuscation Techniques

5. Different Obfuscation Techniques Randomization Obfuscation Data Obfuscation Encoding Obfuscation Logic Structure Obfuscation

6. Obfuscation Examples obfuscate a loop

7. Obfuscation Examples

8. Use of Script In Web

9. Use of Scripts In Web Information Validation Event Handling Changing Web Content Dynamically Business Logic Implementation

10. Use of Scripts by the Web Attacker

11. Use of Scripts by the Web Attacker Information Loss Download Malicious Code Redirect to Another Malicious Website Doing something Behalf of User Calling Native Function

12. How antivirus software works

13. How antivirus software works Signature-based detection Behavioral detection String pattern Matching Emulator or Virual Browser

14. How antivirus Deal with Malicious Obfuscated Script

15. How antivirus Deal with Malicious Obfuscated Script Deobfuscate the Script and Check for virus Signature Don’t Allowed any Obfuscated Script

16. How antivirus Deal with Malicious Obfuscated Script Run Script in Virtual Browser and Check Script Behaviour Deobfusated the Script and Check Semantics of Instrution in Script

17. Thank you!!!

Web Attacks using Obfuscated JavaScript Techniques

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (20)

Similar to Web Attacks using Obfuscated JavaScript Techniques

Similar to Web Attacks using Obfuscated JavaScript Techniques (20)

Recently uploaded

Recently uploaded (20)

Web Attacks using Obfuscated JavaScript Techniques