Comments on: PDF, Let Me Count the Ways…

By: Security PDF-related links in 2010: analyses and tools

Security PDF-related links in 2010: analyses and tools — Wed, 10 Aug 2011 01:25:34 +0000

[...] lot of analyses from Contagiodump blog 2011 PDF – Vulnerabilities, Exploits and Malwares 2011 PDF, Let Me Count the Ways 2011 Analysing a Malicious PDF Document 2010 The Rise of PDF [...]

By: Secur-IT

Secur-IT — Thu, 06 Jan 2011 13:25:49 +0000

[...] peut être intéressant de noter que pdfid supporte l’obfuscation des noms : que le nom de l’objet soit en ASCII, ANSI, hexadécimal ou autre type [...]

By: Analysing a Malicious PDF Document

Analysing a Malicious PDF Document — Sat, 06 Nov 2010 12:08:53 +0000

[...] Stevens has a list of malicious PDF obfuscation methods here, for those interested in the [...]

By: Doug

Doug — Sat, 14 Aug 2010 18:53:22 +0000

Any chance you have a series of benign PDF’s that demonstrate the different types of vulnerabilities you’ve seen malware use (or for that mater even malware infested PDF’s).

Like Ariel, I’m writing something to hopefully help detect this stuff. In my case I’m writing it in PHP to be used with a website that is going to let users upload PDF’s.

Thanks,
Doug

By: Les outils d’analyse de PDF « Elevenses blog

Les outils d’analyse de PDF « Elevenses blog — Mon, 10 May 2010 16:26:10 +0000

[...] est intéressant de noter que pdfid supporte l'obfuscation des noms : que le nom de l'objet soit en ASCII, ANSI, hexadécimal ou autre type d'encodage, pdfid [...]

By: Chirashi Security » Malicious PDF files and embedding

Chirashi Security » Malicious PDF files and embedding — Wed, 15 Jul 2009 05:35:05 +0000

[...] another object to a PDF file. So I tried to add a URI with OpenAction similar to Didier in this post. I opened the new file in Preview; absolutely nothing. Knowing that I had to be more thorough, [...]

By: Abusing PDFs « Security For All

Abusing PDFs « Security For All — Wed, 08 Jul 2009 21:03:38 +0000

[...] if you want to make it harder to detect, use PDF obfuscation techniques. Or embed the file twice with incremental updates. First version is the file you want to hide, [...]

By: Embedding and Hiding Files in PDF Documents - Opsec

Embedding and Hiding Files in PDF Documents - Opsec — Wed, 01 Jul 2009 17:22:39 +0000

[...] if you want to make it harder to detect, use PDF obfuscation techniques. Or embed the file twice with incremental updates. First version is the file you want to hide, [...]

By: Embedding and Hiding Files in PDF Documents « Didier Stevens

Embedding and Hiding Files in PDF Documents « Didier Stevens — Wed, 01 Jul 2009 06:28:46 +0000

[...] if you want to make it harder to detect, use PDF obfuscation techniques. Or embed the file twice with incremental updates. First version is the file you want to hide, [...]

By: Updates: bpmtk and Hakin9; PDF and Metasploit « Didier Stevens

Updates: bpmtk and Hakin9; PDF and Metasploit « Didier Stevens — Tue, 09 Dec 2008 21:24:47 +0000

[...] On the PDF front: I’ve produced my first Ruby code . I worked together with MC from Metasploit to optimize the PDF generation code in this util.printf exploit module. It uses some obfuscation techniques I described 8 months ago. [...]