UPDATE:
I added more screenshots.
Dear blog readers,
I wanted to share with everyone some of the details on one of my latest projects.
Back in 2007-2013, obfuscated and deobfuscated malicious JavaScript used to dominate my reality. Every day, before doing my usual research and publishing my findings, I was surrounded by obfuscated malicious JavaScript in a variety of ways, so I've recently decided to put some effort into a hot topic that I believe is still highly relevant in today's modern cybercrime world.
Despite the fact that today's cybercrime ecosystem is dominated by the rise of ransomware and ransomware-as-a-service underground market propositions, I'm a firm believer that somewhere out there there's a multitude of compromised web sites that are responsible for a variety of cyber attacks and cyber espionage campaigns. Once uncovered, these are prone to shed more light on the inner workings of their ecosystem, which will inevitably prompt me to dig a little deeper, potentially uncovering and exposing the entire cybercrime ecosystem network.
I've spent the last two days working on an obfuscated JavaScript detection crawler, and I'm also busy training an ML model in Python using both legitimate JavaScript obtained from the Top 1000 most popular Web sites on the Internet and approximately 98,000 malicious JavaScript scripts which I've processed and obtained access to throughout the past couple of years up to the present day.
I also plan on training the model on my own using another collection, which consists of approximately 798,000 malicious and obfuscated JavaScript files and which will definitely make an impact on the actual crawling, detection and payload extraction process.
Sample photos: