Blog

Alex Rice and I just returned from Tokyo, where we presented at PacSec 2007 [http://www.pacsec.jp/].

Dragos Ruiu (PacSec organizer)

(Websense Security Labs researchers: Alex Rice, Stephan Chenette)

The topic of our presentation was: "Automated JavaScript Deobfuscation." We shared with our audience the latest tools and techniques that we use internally to deobfuscate malicious javascript. After the presentation, multiple researchers approached us to ask more questions. From the number of questions we received and the general response to our talk, we know that obfuscation of malicious Web content is a growing problem. I'm hopeful that sharing our expertise has helped multiple researchers in this area to understand the problem and its possible solutions.

Some of the other interesting talks we heard were: "Enter Sandman (why you should never go to sleep)" by Nicolas Ruff & Matthieu Suiche from EADS, and "Fuzzing Frameworks, Fuzzing Languages!?" by Stephen Ridley & Colin Delaney from McAfee.

I was personally very interested in the talk: "Heap exploits are dead. Heap exploits remain dead. And we have killed them." by Nicolas Waisman from Immunity. I'm looking forward to getting more familiar with Immunity Debugger, because it looks very powerful . . . and it's free!

To all the researchers we met at PacSec 2007: thanks for the good time and the interesting discussions. We hope to meet you again at another conference in the near future.

Presentation link: http://www.websense.com/securitylabs/images/alerts/wsl_pacsec2007_en.pdf