http://www.system7.org Spread the word, information is free. Mon, 16 Jan 2012 13:24:39 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 http://www.system7.org/2010/04/20/analyzing-malicious-pdf-documents/ http://www.system7.org/2010/04/20/analyzing-malicious-pdf-documents/#comments Tue, 20 Apr 2010 11:50:00 +0000 . http://www.system7.org/?p=513 Continue reading →]]> So you want to get your feet wet?

1. Grab Didier Stevens tools here: http://blog.didierstevens.com/programs/pdf-tools/
2. Grab malicious PDF samples here: http://www.malwaredomainlist.com/mdl.php?search=pdf+exploit&colsearch=All&quantity=50 *Be careful, these are live samples!
3. Video Tutorial: Didier on analyzing a PDF Document: http://www.youtube.com/v/tHVi2wKCkTc
4. You’re going to run into some heavily obfuscated JavaScript.  Read this article: http://isc.sans.org/diary.html?storyid=2358
5. Other deobfuscation tools: Malzilla, SpiderMonkey (need to handle document.write), debug via Rhino, Firefox add-on (haven’t tried this one)

]]> http://www.system7.org/2010/04/20/analyzing-malicious-pdf-documents/feed/ 0