public marks

PUBLIC MARKS with tags outil & hack

11 March 2015 07:30

JAVASCRIPT - jsunpack - a generic JavaScript unpacker

by decembre
The Extracted URLs lists, (2 files) for instance, indicates how many decodings or other files were created when trying to decode JavaScript. If this column shows (1 files) it means that there were no decodings and that a static scanner would be just as effective at detecting content. However, if there are more than one file, a decoding likely occurred, and jsunpack can match against additional content. A malicious URL with only (1 files) is less likely to be malicious because attackers commonly hide their content when delivering exploits or other malicious content. The Extracted URLs displays files grouped by URL, so the originally file that triggered the rule and all of the other files are all connected to another. It is more common that the attacker will try to hide content and create 2 or more decodings. Jsunpack was originally designed to handle complicated cases of decoding where there were 5 stages of decoding, although such cases are rare, generally the more decoding levels (and therefore files), the more likely the attacker is trying to hide something of value. Thanks for using jsunpack!

PUBLIC TAGS related to tag outil

decode +   decoding +   exploit +   hack +   htlm +   javascript +   malicious +   online +   online tool +   pcap +   pdf +   scan +   security +   tool +   unpack +  

Active users

decembre
last mark : 09/06/2017 10:23