promise

Easy / Malware Reverse Engineering

Overview

Our dev team had just started a new Node.js project when our system was compromised.

Flag format:

flag{discord_webhook_id}

Lab Details

Prerequisites & Requirements

  • Basic Node.js and NPM Knowledge: Fundamental understanding of Node.js project structure, package.json, node_modules, and how npm manages dependencies.
  • Intermediate JavaScript Proficiency: Ability to read, understand, and identify suspicious patterns in JavaScript code, including common library usage and built-in Node.js modules.
  • Basic Web Concepts: Familiarity with HTTP requests, webhooks, and how data can be exfiltrated over a network.

What will you learn?

  • Identify Malicious NPM Packages: Develop skills in recognizing indicators of compromise within node_modules and identifying suspicious packages that mimic legitimate ones.
  • Analyze Malicious JavaScript Behavior: Learn to trace the execution flow of malicious JavaScript code, identifying functions for file system interaction, command execution, and data exfiltration.
  • Uncover Data Exfiltration Mechanisms: Understand how sensitive data is collected from compromised systems (e.g., browser data) and transmitted to attacker-controlled infrastructure (e.g., Discord webhooks).

Tools

  • CyberChef: A versatile web-based tool for decoding Base64 strings and other data transformations.

Job Positions

Malware Analyst

Tags

Malware Analysis, C2 Communication, API Calls, Behavioral Analysis, Spyware