JavaScript is an advanced programming language that has many capabilities and libraries. Many attackers use JavaScript to exploit browsers because it allows them to dynamically control content, make additional HTTP requests and otherwise hide their activity. Attackers who exploit browser vulnerabilities quickly find new and clever ways to alter their code to subvert the latest defenses and make it more difficult or time consuming to decode. JavaScript exploits often affect users visiting infected or malicious sites. Usually, SQL-injection vulnerabilities that insert malicious scripts infect these sites. Less commonly, cross-site scripting (XSS) vulnerabilities, a less-serious type of vulnerability, deliver exploits to infect website visitors. The current state of JavaScript obfuscation and exploitation is difficult for analysts to keep up with. As a solution to this ongoing problem, jsunpack is one new tool that analysts can use to automatically unpack JavaScript.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.