[framework] New Javascript Packer: JSidle

Hi all,

I developed a new javascript packer that should solve the current
problems with AV detection and perform better than the existing
obfuscators.
It uses some new concepts explained in a blog post and in more detail
in the latest Issue of the HITB magazine:
http://relentless-coding.blogspot.com/2010/07/new-javascript-packer-jsidle.html
http://magazine.hitb.org

The code is available here: http://github.com/svent/jsidle
Patches for Metasploit: http://github.com/svent/jsidle/tree/master/metasploit/

I patched two existing exploit modules to show the usage, the aurora
exploit for web-based ones and the adobe_geticon exploit to show the
usage for PDF files.
The javascript part of web-based exploits should not be detected by AV
(using static analysis). Virustotal detection for the PDF dropped from
17/41 to 9/41 - as obfuscation is not that common in PDF files, some
scanners still flag the file as suspicious using a generic detection.

- Sven
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

• This message: [ Message body ]
• Next message: Miguel Rios: "[framework] Meterpreter unexpectedly closes"
• Previous message: Jon Hart: "Re: [framework] Dynamic Trunk Protocol (DTP) Module"
• Next in thread: Spring Systems: "Re: [framework] New Javascript Packer: JSidle"
• Reply: Spring Systems: "Re: [framework] New Javascript Packer: JSidle"
• Maybe reply: Spring Systems: "Re: [framework] New Javascript Packer: JSidle"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]