Last week a friend of mine asked me to debug/RE some phishing emails that had been sent to them. These phishing emails were visually very clever and looked identical to the real site! But as I looked at the javascript I frankly became embarassed for the developer. Sure, they’d run the code through an obfuscation engine and added some basic anti-debug tricks, but that’s nothing you can’t defeat with AST and proxying function calls.
