Channel: 9b+
Browsing latest articles
Browse All 13 View Live

PDF X-RAY is Open!

I figured there is no better time to release a tool than at Blackhat and Defcon. Feel free to click around, share reports and use the API to query for samples. I am interested in hearing feedback,...

Burning FPDF/FPDI Libraries with Heavy Pint

In the packing PDFs blog entry I mentioned that I created a tool for creating the documents I later released. At the time I decided that releasing the tool would not be in the best interest of...

Snatching SWFs from PDFs Made Easier with SWF Mastah

Recently I have been spending my time focusing on targeted PDF files. Something I have always ignored were PDFs that just acted as a vehicle for SWF files, but a lot of these CVE2011-0611 exploits are...

PDF X-RAY Without Storage

If you have uploaded a very large document to PDF X-RAY (hosted or local) then you may have noticed that processing doesn't work out too well. If the generated text is over a certain size then MongoDB...

Foreseeing Malware Changes Based on Trends

On November 22, 2011 the Internet Storm Center put out a great blog on Blackhole and Zeroaccess detailing changes in delivery method and payload. Being an incident responder, I find this information...

No API, No Problem - Hacking OpenDNS

The best products are often simple but effective ideas that have been exceptionally well executed. OpenDNS embodies this type of product. Having used their solution, the technology appears...

PDF X-RAY Lite Created for REMnux Version 3

A few weeks ago Lenny Zeltser announced that REMnux version 3 was in the works and that he was taking suggestions for tools to be included. One of the best aspects of REMnux is its size (~1GB) and...

Consuming Raw or Unstructured Data is Bad for your Health

No, seriously, it is. Think about all the time wasted reformatting someone else’s data or dealing with management requesting some magical composite report built from five of your primary tools, all of...

Smart Hash Google Gadget

Hashes and malware go together. When you get a new piece of malware the first thing you should do is create a hash and search for any information available on it. In some cases you may turn up nothing...

Obfuscated JavaScript 2.0 - Building an encoder

JavaScript is a wonderful language full of tricks, power and the element of confusion. In this day and age it is likely that most people handling PDF, JAVA, Flash or browser-based exploits have either...

Formal Introduction of PastyCake

A couple days ago malc0de released a PERL script to search PasteBin and update the user in near-realtime. The script wasn't beautiful, but it got the job done, so being the Python fan I am, I ported...

Doomsday JavaScript Encoder

In my last post I detailed a whole bunch of ways to make encoders better and that I had authored my own to see how difficult it was. Last night I released the encoder with some extra little bells and...

ClassyPDF Tool Up for Grabs

Back at the tail end of April I had posted about data mining PDF data in order to classify whether or not a document was malicious. In the post I had talked about data and an API, but never released...
