Metasploit mailing list archives
Re: New Javascript Packer: JSidle
From: Spring Systems <korund () hotmail com>
Date: Sat, 10 Jul 2010 13:26:36 +0000
Thanks for the good add-on. Is the JSidle packer concept based on delivering the script with a time delay? Will this affect the execution speed of the exploit? The other good thing would be to implement a polymorphic encryption algorithm, to make JavaScript code that can transmute and protect itself. This will provide very good protection.

Regards,
spring
Date: Sat, 10 Jul 2010 00:34:49 +0200
From: sven.taute () gmail com
To: framework () spool metasploit com
Subject: [framework] New Javascript Packer: JSidle

Hi all,

I developed a new javascript packer that should solve the current problems with AV detection and perform better than the existing obfuscators. It uses some new concepts explained in a blog post and in more detail in the latest Issue of the HITB magazine:

http://relentless-coding.blogspot.com/2010/07/new-javascript-packer-jsidle.html
http://magazine.hitb.org

The code is available here:
http://github.com/svent/jsidle

Patches for Metasploit:
http://github.com/svent/jsidle/tree/master/metasploit/

I patched two existing exploit modules to show the usage, the aurora exploit for web-based ones and the adobe_geticon exploit to show the usage for PDF files.

The javascript part of web-based exploits should not be detected by AV (using static analysis). Virustotal detection for the PDF dropped from 17/41 to 9/41 - as obfuscation is not that common in PDF files, some scanners still flag the file as suspicious using a generic detection.

- Sven

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- New Javascript Packer: JSidle Sven Taute (Jul 09)
- Re: New Javascript Packer: JSidle Spring Systems (Jul 10)
- Re: New Javascript Packer: JSidle Miguel Rios (Jul 10)
- Re: New Javascript Packer: JSidle Jonathan R (Jul 10)
- Re: New Javascript Packer: JSidle John Strand (Jul 10)
- Re: New Javascript Packer: JSidle Spring Systems (Jul 11)
- Re: New Javascript Packer: JSidle Thierry Zoller (Jul 11)
- Re: New Javascript Packer: JSidle Spring Systems (Jul 11)
- Re: New Javascript Packer: JSidle Miguel Rios (Jul 10)
- Re: New Javascript Packer: JSidle Miguel Rios (Jul 11)
- Re: New Javascript Packer: JSidle Sven Taute (Jul 12)
- Re: New Javascript Packer: JSidle Miguel Rios (Jul 13)
- Re: New Javascript Packer: JSidle Thorgul (Jul 13)
- Re: New Javascript Packer: JSidle Spring Systems (Jul 10)