CactusCon

CactusCon13
February 14-15, 2025
Mesa, AZ

JavaScript Obfuscation - It’s All About the P-a-c-k-e-r-s

Track 3
4 Feb 2022 11:00 AM - 12:00 PM

The usage of JavaScript obfuscation techniques have become prevalent in today’s threats, from phishing pages, to Magecart, and supply chain injection to JavaScript malware droppers all use JavaScript obfuscation techniques on some level.

The usage of JavaScript obfuscation enables evasion from detection engines and poses a challenge to security professionals, as it hinders them from getting quick answers on the functionality of the examined source code.

Deobfuscation can be technically challenging (sometimes), risky (if you don’t know what you are doing), and time consuming (if you are lazy, as I am). Yet, the need to find and analyze high scaled massive attacks using JavaScript obfuscation is a task I’m faced with on a daily basis.

In this presentation I will present a lazy, performance cost effective approach, focusing on the detection of JavaScript packer templates. Once combined with threat intelligence heuristics, this approach can predict the maliciousness level of JavaScript with high probability of accuracy.

In addition to the overview of what I’ve developed, I’ll share the techniques used, as well as source code needed to create a representation of JavaScript by using AST parsing, obfuscation pattern matching, and the machine learning techniques involved.

Or Katz
Akamai, Principal Lead Security Researcher
@or_katz
https://www.akamai.com/blog?author=or_katz

Or Katz is a security veteran, with years of experience at industry leading vendors, currently serves as principal lead security researcher for Akamai. Katz is a frequent Speaker in security conferences and published numerous articles, blogs and white papers on threat intelligence and defensive techniques. Data driven security researcher that is constantly looking on how to move security challenges into the science and solutions space.