September 25, 2012 at 5:40 pm #7920
It’s been a long time since I last posted on EHNet. Some of you might remember me and some might not. To cut the long story short, I got selected in one of the best universities of my country for MS and currently pursuing research in IT Security.
If you want to share samples, kindly message me on EHNet and I will provide you my email address.
Note: Please do not ask for my email if you have only 1-2 posts here on EHNet. I will only provide the email to members I trust or members I can trust.
September 25, 2012 at 5:58 pm #50111
An older example I’d posted:
Hope it helps.
September 25, 2012 at 6:18 pm #50112
September 25, 2012 at 6:30 pm #50113
September 25, 2012 at 6:50 pm #50114
Well, your post didn’t ask for a few thousand… 😛
I’m not sure if there’s a definitive source of a few thousand examples, that anyone can point you to, offhand… But if they can, I’d be interested to see that, too, if for not other reason than to study ‘other’ methods that I haven’t seen.
Edit – looking for that many, might I assume your project is to try to create some sort of tool to spot them?
September 25, 2012 at 10:53 pm #50115RoleReversalParticipant
If I’m wanting to quickly analyse some JS in the wild I usually turn to Wepawet. I’ve no affiliation with the service but it couldn’t hurt to get in touch with the team there to see if they’re willing/able to provide access to some of their samples?
Alternatively, some of Wepawet’s reports can be accessed based on md5 hash of the content (I found this report via a quick google search for example). I’ve not read their Ts&Cs so use at your own risk, but a quick Google Dork of:
site:wepawet.iseclab.org intitle:report inurl:’type=js’
is currently returning >15k results
Unfortunately Wepawet’s report format only lists the de-obfuscated operations rather than the original source so may not be exactly relevant to your needs, but you could always use the listed report targets to grab any scripts that are still live yourself.
Hope this helps, good luck with your project.
September 26, 2012 at 7:42 am #50116
September 26, 2012 at 5:14 pm #50117alanParticipant
Not sure if you can see recent submission on iseclab’s wepawet site. Here’s another one work a look, use the search feature to grab more recently checked URLs
Congrats, enjoy your studies!
- You must be logged in to reply to this topic.