Cyber Security Lab
IT Security & IT Forensics Exercises

Web Forensics

JavaScript Downloader

This exercise is about starting a download with JavaScript. This allows a file to be started for download without logging a request to the server.

Exercise

Analyse the first task (Exercise A). To do this, evaluate the communication with the server. How is the download started? What are the differences in the tracks compared to normal downloads?

The file of the second task (Exercise B) uses a special signature. What is it about?

Then go through the next trainings. Which method is used to obfuscate the downloads?

Exercise D: Advanced example + obfuscation

original:

with payload:

Solution of the exercise

Downloads based on the eicar examples files for AV scanners. The payload is base64 encoded and hidden in an image by CryptoStego.



back