Update: I figured that there is some interest in these collections; as such, I will regularly update this page.
I have been asked to provide some information on analyzing and reversing PDF and DOC exploits. Here are some hints on where to look and how to do it:
PDF
- Adobe - PDF Specification
- Didier Stevens - Risky PDF (Presentation and files)
- Didier Stevens - Analysing a malicious PDF file
- Didier Stevens - Pdf tools
- Debugging Adobe Javascript - PlanetPDF
- Blackhat - Portable Document Format (PDF) Security Analysis and Malware Threats
- Pacsec - PDF Origami - OSSIR09 (Thanks to DiontheGod for the link)
- New Viral Threats of PDF Language
- PDF Samples
- Official Microsoft Office Fileformat specification (PPT,DOC,XLS..)
- 25C3 - Methods for Understanding Targeted Attacks with Office Documents
  Video and audio released: MP4, M4V, MP3, OGG
- PPT format briefly explained
- Biffview (XLS analyser) b2xtranslator
- OfficeCat for Windows | OfficeCat for Linux (detects possible exploit conditions)
- C# and C++ code to analyse the new Office 2007 format - CodeProject (use BugMeNot to log in)
- Biffworkbench
- CWSandbox is able to analyse PDF files as of 12/2008. It does so by opening the PDF file in an old 8.x version and monitoring various changes. Link
- Anubis is able to analyse PDF/Flash and websites. It does so by using IE and Acrobat Reader and monitoring changes. Link
- MuPDF (browser plugin)
- SumatraPDF (based on MuPDF)
- Convert all ingress PDFs to picture files (TIFF - fax files); the resulting file will have all the pages in a single TIFF. Note: the standard Windows viewer allows for persistent commenting, annotations, highlights etc.
- Example with Ghostscript: gs -q -sDEVICE=tifflzw -dBATCH -dNOPAUSE -r120 -sOutputFile=OUTPUTFILE.tiff INPUTFILE.pdf 2>&1
- P.S.: Normal rules apply; don't assume the GS parser is 100% safe.