Metasploit mailing list archives
New Javascript Packer: JSidle
From: Sven Taute <sven.taute () gmail com>
Date: Sat, 10 Jul 2010 00:34:49 +0200
Hi all,

I developed a new JavaScript packer that should solve the current problems with AV detection and perform better than the existing obfuscators. It uses some new concepts explained in a blog post and in more detail in the latest issue of the HITB magazine:

http://relentless-coding.blogspot.com/2010/07/new-javascript-packer-jsidle.html
http://magazine.hitb.org

The code is available here:
http://github.com/svent/jsidle

Patches for Metasploit:
http://github.com/svent/jsidle/tree/master/metasploit/

I patched two existing exploit modules to show the usage, the aurora exploit for web-based ones and the adobe_geticon exploit to show the usage for PDF files.

The JavaScript part of web-based exploits should not be detected by AV (using static analysis). VirusTotal detection for the PDF dropped from 17/41 to 9/41 - as obfuscation is not that common in PDF files, some scanners still flag the file as suspicious using a generic detection.

- Sven
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework