HITB SIGINT: Adnan Mohd Shukor & Mahmud Ab Rahman (MyCERT)

Presentation Title: Fun With JavaScript DeObfuscation
Presentation Abstract

It is the norm to have JavaScript code within exploits on malicious web pages, in PDFs and in anything that executes .js code. Since JavaScript runs on the client side, having it in plain code is not such a bright idea, so obfuscating the JavaScript code is a must. Here comes the challenge for the malcode analyst: de-obfuscating the JavaScript code. We’ll focus on de-obfuscating malicious JavaScript code that is used for triggering bugs and hiding payloads within malicious web pages or malicious PDFs. Some say JavaScript de-obfuscation is hard. So, in this presentation, we’ll evaluate JavaScript obfuscation methods present in the wild, from lame/boring to complex, and try to de-obfuscate them all. We’ll share dynamic and static approaches to de-obfuscating JavaScript.

About Adnan Mohd Shukor

Adnan Mohd Shukor is an Intrusion Analyst at the Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia. His educational background comprises a degree in Information Technology, majoring in Security Technology, from Multimedia University. He is also a GIAC Certified Penetration Tester (GPEN), a GIAC Certified Incident Handler (GCIH) and a member of the SANS Advisory Board since 2009. In the IT security line of work, he has plenty of experience in web security, client-side security, honeypot technology, network security, penetration testing, system development and automation.

About Mahmud Ab Rahman

Mahmud Ab Rahman currently works as an Information Security Specialist for the Malaysia Computer Emergency and Response Team (MyCERT) under the umbrella of CyberSecurity Malaysia. Prior to that, he worked as an Intrusion Analyst in the MyCERT department. His educational background comprises a Master’s degree in Computer Science from the National University of Malaysia in 2006. Prior to that, he obtained a degree in Computer Science from the same university.

Mahmud has been involved in the computer security field for over 5 years. His areas of focus and interest are network security, honeynets, botnet monitoring, and malware analysis. He also engages in several large-scale penetration-testing exercises and provides solutions for any vulnerabilities detected. Moreover, he is recognized for conducting a number of training sessions for organizations, on topics ranging from introductory to advanced security courses. He is an occasional speaker at conferences such as FIRST AGM, FIRST TC, Honeynet Annual Workshop and Infosec.MY. He is currently certified for SANS’s GPEN (gold) and GREM.