PaulDotCom mailing list archives
Re: evaluation of potentially malicious PDFs
From: Marc Wickenden <marc () offensivecoder com>
Date: Sat, 1 Sep 2012 08:01:59 +0100
On 31 Aug 2012, at 20:25, Herndon Elliott <alabamatoy () gmail com> wrote:
Learning of lots of avenues of intrusion through PDF documents. Embedded javascript, stego, referenced malware, flash embedding, etc. Does anyone know of a tool which can evaluate a PDF for questionable content without opening it in reader?
Two words: Didier Stevens.

Didier has done loads of great work in this area. Specifically with python tools and a hacked version of Mozilla's Spider Monkey. His blog is at http://didierstevens.com. He released a malicious PDF analysis e-book a while back too which can be found here http://blog.didierstevens.com/2010/09/26/free-malicious-pdf-analysis-e-book/.

I also wrote a blog post on solving a PDF challenge set by Didier at http://offensivecoder.com/2011/04/15/solving-the-security-bsides-london-challenge-number-2/ which may be interesting as an introduction to the process. I'd never done it before.

Marc

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com