312-50V11 · Question #745
Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicious java scripts. After opening one of them, he noticed that it is very hard to understan
The correct answer is C. Obfuscation. Obfuscation is the deliberate transformation of code into a functionally equivalent but intentionally unreadable form, commonly used by attackers to slow down analysis and evade detection.
Question
Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicious java scripts. After opening one of them, he noticed that it is very hard to understand the code and that all codes differ from the typical java script. What is the name of this technique to hide the code and extend analysis time?
Options
- ASteganography
- BCode encoding
- CObfuscation
- DEncryption
How the community answered
(34 responses)- A6% (2)
- C91% (31)
- D3% (1)
Why each option
Obfuscation is the deliberate transformation of code into a functionally equivalent but intentionally unreadable form, commonly used by attackers to slow down analysis and evade detection.
Steganography conceals secret data inside carrier files such as images or audio, and does not alter the structure or appearance of executable code.
Code encoding converts code to an alternate format for transport or storage and is not specifically intended to hinder human analysis.
Obfuscation rewrites source code by renaming variables to meaningless identifiers, removing whitespace, encoding strings, and inserting junk logic while preserving the original behavior. This technique is specifically designed to extend the time required for manual or automated analysis and is frequently applied to malicious JavaScript delivered via compromised websites. Unlike encryption, obfuscated code still executes directly in the browser without requiring a decryption key.
Encryption renders data entirely unreadable without the correct key, whereas obfuscated code remains directly executable by the runtime environment.
Concept tested: JavaScript obfuscation for malware evasion
Source: https://owasp.org/www-community/controls/Obfuscation
Topics
Community Discussion
No community discussion yet for this question.