PDF X-RAY is Open!
I figured there is no better time to release a tool than at Blackhat and Defcon. Feel free to click around, share reports and use the API to query for samples. I am interested in hearing feedback,...
Burning FPDF/FPDI Libraries with Heavy Pint
In the packing PDFs blog entry I mentioned that I created a tool for creating the documents I later released. At the time I decided that releasing the tool would not be in the best interest of...
Snatching SWFs from PDFs Made Easier with SWF Mastah
Recently I have been spending my time focusing on targeted PDF files. Something I have always ignored were PDFs that just acted as a vehicle for SWF files, but a lot of these CVE-2011-0611 exploits are...
PDF X-RAY Without Storage
If you have uploaded a very large document to PDF X-RAY (hosted or local) then you may have noticed that processing doesn't work out too well. If the generated text is over a certain size then MongoDB...
Foreseeing Malware Changes Based on Trends
On November 22, 2011 the Internet Storm Center put out a great blog on Blackhole and Zeroaccess detailing changes in delivery method and payload. Being an incident responder, I find this information...
No API, No Problem - Hacking OpenDNS
The best products are often simple but effective ideas that have been exceptionally well executed. OpenDNS embodies this type of product. Having used their solution, the technology appears...
PDF X-RAY Lite Created for REMnux Version 3
A few weeks ago Lenny Zeltser announced that REMnux version 3 was in the works and that he was taking suggestions for tools to be included. One of the best aspects of REMnux is its size (~1GB) and...
Consuming Raw or Unstructured Data is Bad for your Health
No, seriously, it is. Think about all the time wasted reformatting someone else’s data or dealing with management requesting some magical composite report built from five of your primary tools, all of...
Smart Hash Google Gadget
Hashes and malware go together. When you get a new piece of malware the first thing you should do is create a hash and search for any information available on it. In some cases you may turn up nothing...
Obfuscated JavaScript 2.0 - Building an encoder
JavaScript is a wonderful language full of tricks, power and the element of confusion. In this day and age it is likely that most people handling PDF, Java, Flash or browser-based exploits have either...
Formal Introduction of PastyCake
A couple of days ago malc0de released a Perl script to search PasteBin and update the user in near-realtime. The script wasn't beautiful, but it got the job done, so being the Python fan I am, I ported...
Doomsday JavaScript Encoder
In my last post I detailed a whole bunch of ways to make encoders better and that I had authored my own to see how difficult it was. Last night I released the encoder with some extra little bells and...
ClassyPDF Tool Up for Grabs
Back at the tail end of April I had posted about data mining PDF data in order to classify whether or not a document was malicious. In the post I had talked about data and an API, but never released...