Detecting Obfuscated Malicious JavaScript with Snort and Razorback

In the modern client-focused threat landscape,JavaScript plays a very important role in delivering and executing attacks.Many browser-based vulnerabilities are triggered by specific sets of JavaScript calls,and HTML,CSS,or PDF-based vulnerabilities often have accompanying payloads written in JavaScript.Thus,if a defender can reliably detect malicious JavaScript,they can protect against the vast bulk of browser-based,client-side attacks - including 0-day delivered with standard malicious JavaScript tricks.

Download: PDF