Cyber Security Lab
IT Security & IT Forensics Exercises

Web Forensics

JavaScript Downloader

This exercise is about starting a download with JavaScript. This allows a file to be started for download without logging a request to the server.

Exercise

Analyse the first task (Exercise A). To do this, evaluate the communication with the server. How is the download started? What are the differences in the tracks compared to normal downloads?

The file of the second task (Exercise B) uses a special signature. What is it about?

Then go through the next trainings. Which method is used to obfuscate the downloads?

Exercise B: Advanced example

Solution of the exercise

Instead of a TXT file an EXE file with the EICAR test signature is now offered for download.

The EICAR test file is a test pattern developed by the European Institute for Computer Antivirus Research and the Computer AntiVirus Research Organization to test the function of antivirus programs.



back