public marks

PUBLIC MARKS with tag pcap

2015

JAVASCRIPT - jsunpack - a generic JavaScript unpacker

by decembre
The Extracted URLs list, (2 files) for instance, indicates how many decodings or other files were created when trying to decode JavaScript. If this column shows (1 files) it means that there were no decodings and that a static scanner would be just as effective at detecting content. However, if there is more than one file, a decoding likely occurred, and jsunpack can match against additional content. A malicious URL with only (1 files) is less likely to be malicious because attackers commonly hide their content when delivering exploits or other malicious content. The Extracted URLs displays files grouped by URL, so the original file that triggered the rule and all of the other files are connected to one another. It is more common that the attacker will try to hide content and create 2 or more decodings. Jsunpack was originally designed to handle complicated cases of decoding where there were 5 stages of decoding. Although such cases are rare, generally the more decoding levels (and therefore files), the more likely the attacker is trying to hide something of value. Thanks for using jsunpack!

2011

Re: [tcpdump-workers] Freeing memory in libpcap

by sylvainulg
could have been worth a note in pcap_next(), imho.

2006
