Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Defeating the Latest Advances in Script Obfuscation

via YouTube

Overview

Explore advanced techniques for defeating the latest script obfuscation methods in this 30-minute conference talk from Derbycon 2016. Learn about the purpose and methods of script obfuscation, its role in attack scenarios, and the importance of deobfuscation. Discover general tips for tackling obfuscated scripts, including handling unused code, complicated naming conventions, and obscured control flow. Gain insights into simplifying arithmetic sequences, decoding obfuscated string values, and dealing with heavily obfuscated scripts. Master practical steps like removing junk code, standardizing formatting, and rearranging functions to improve readability. Understand the process of function relabeling and explore various deobfuscation tools to enhance your analysis capabilities.

Syllabus

Intro
OUTLINE
INTRO
WHAT IS OBFUSCATION?
WHY OBFUSCATE SCRIPTS?
HOW ARE SCRIPTS OBFUSCATED?
OBFUSCATED SCRIPTS IN ATTACK SCENARIOS
WHY DEOBFUSCATE?
DEOBFUSCATION GOALS
WHAT DO I NEED?
GENERAL TIPS
UNUSED / GARBAGE CODE
COMPLICATED VARIABLE AND FUNCTION NAMES
INDIRECT CALLS AND OBSCURED CONTROL FLOW
ARITHMETIC SEQUENCES
OBFUSCATED STRING VALUES
IF SCRIPT IS STILL HEAVILY OBFUSCATED
REMOVE JUNK
STANDARDIZE FORMATTING
REARRANGE FUNCTION ORDER
MERGE FUNCTIONS TOGETHER
BEGIN SIMPLIFYING...
PICTURE BEGINS TO CLEAR UP
YUP, THEY'RE FILE PATHS
FUNCTION RELABELING
DEOBFUSCATION TOOLS
CONCLUSION

Reviews

Start your review of Defeating the Latest Advances in Script Obfuscation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.