abstract illustration

Understanding How Attackers use Malicious JavaScript

JavaScript is a powerful language and ubiquitous – in fact RedMonk rates it as the #1 most popular programing language in the world. Load a web page and your computer starts executing the JavaScript embedded within. Sound dangerous? Of course it is and browser makers have tried hard to make it secure by keeping the code within its sandbox. In this webinar we’ll look at what happens when it gets out. But JavaScript goes beyond browsers. Lots of other applications and document types support JavaScript besides just browsers and web pages including things like PDF files, email clients, and modern Windows Apps.

How do you analyze malicious JavaScript? We’ll discuss locating and extracting suspicious code, deobfuscating it and watching it execute in a safe environment that you may come across during a security investigation. In this real training for free event I’ll show you several different forms of malicious JavaScript such as:

  • Malicious PDF example
  • Malicious .js file email attachment
  • Malicious Javascript used in common MITM scenarios