I was asked by my friend @PixelMelt to help out with a research project he was working on, focused on the analysis of a few JavaScript obfuscators.
- Obfuscator.io: Likely the most common JavaScript obfuscator.
- JS-Confuser: A newer obfuscator with some nice techniques.
- PISTOL: PixelMelt's JavaScript Virtualisation Obfuscation.
I chose to go with PISTOL as I am already familiar enough with the others, and VM based obfuscation is much more interesting than transformation obfuscation.
https://blog.pixelmelt.dev/analysing-pistoljsvm/
You are going to be given 3 JavaScript samples to attempt to retrieve a flag from, easy, medium, and hard.
You will stop after attempting to retrieve the flag from each sample either after 120 minutes pass, or you find the flag.
The flag is a string in the format “FLAG{}”.
Once you complete each test you will fill out the following form with your results.
You should start with the easiest sample and work up to hard.
You will have until June 28th to submit the results.
Big thank you to @PixelMelt for providing the opportunity to take part and the fun challenge! :>
