PaulDotCom mailing list archives

Re: evaluation of potentially malicious PDFs


From: Marc Wickenden <marc () offensivecoder com>
Date: Sat, 1 Sep 2012 08:01:59 +0100

On 31 Aug 2012, at 20:25, Herndon Elliott <alabamatoy () gmail com> wrote:

Learning of lots of avenues of intrusion through PDF documents.  Embedded javascript, stego, referenced malware, 
flash embedding, etc.  Does anyone know of a tool which can evaluate a PDF for questionable content without opening 
it in reader?

Two words: Didier Stevens. 

Didier has done loads of great work in this area. Specifically with Python tools and a hacked version of Mozilla's 
SpiderMonkey.

His blog is at http://didierstevens.com. He released a malicious PDF analysis e-book a while back too which can be 
found here http://blog.didierstevens.com/2010/09/26/free-malicious-pdf-analysis-e-book/.

I also wrote a blog post on solving a PDF challenge set by Didier at 
http://offensivecoder.com/2011/04/15/solving-the-security-bsides-london-challenge-number-2/ which may be interesting as 
an introduction to the process. I'd never done it before. 

Marc
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
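As an added illustration of the keyword-triage approach the tools Marc points to take (example code written for this archive page, not Didier's pdfid or pdf-parser): it counts suspicious PDF names in the raw bytes and inside FlateDecode streams, after undoing the `#xx` name-escape trick that hides `/JavaScript` from naive greps, and runs on a constructed sample file. The keyword list, helper names and sample are assumptions made here, not anything from the thread.

```python
import re
import zlib

# Names worth counting before a PDF is ever opened in a reader (list chosen here, not pdfid's).
SUSPICIOUS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/RichMedia", b"/URI", b"/ObjStm"]

def normalise_names(data: bytes) -> bytes:
    """Decode PDF name hex escapes, e.g. /J#61vaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Best-effort: concatenate the inflated bodies of every stream that zlib can decode."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed, or damaged: skip rather than fail the triage
    return b"\n".join(out)

def triage_pdf(data: bytes) -> dict:
    """Count each suspicious name in raw bytes plus inflated stream content (streams are
    inflated from the untouched bytes so name-unescaping cannot corrupt compressed data)."""
    text = normalise_names(data) + b"\n" + normalise_names(inflate_streams(data))
    counts = {}
    for kw in SUSPICIOUS:
        # Negative lookahead so /JS is not counted inside a longer name such as /JSomething.
        counts[kw.decode()] = len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9_])", text))
    return counts

def build_sample() -> bytes:
    """Constructed sample (not a real malicious file): an OpenAction pointing at an action whose
    /JavaScript name is hex-escaped, plus a FlateDecode stream hiding a second JS action."""
    hidden = zlib.compress(b"<< /Type /Action /S /JavaScript /JS (script body) >>")
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /J#61vaScript /JS (script body) >> endobj\n"
            b"3 0 obj << /Filter /FlateDecode /Length " + str(len(hidden)).encode()
            + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for name, n in triage_pdf(build_sample()).items():
        print(f"{name:<14} {n}")
```

A non-zero `/OpenAction` or `/AA` next to `/JavaScript` or `/Launch` is the usual signal to hand the file to pdf-parser for a closer look rather than to a reader.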

