PDF Security links, 2010: Analysis and Tools

After a year of incidents related to the Portable Document Format (PDF), it is good to look back and remember some of the most important ones. Listed below are some links to analyses of malicious and/or obfuscated PDF documents, and some tools that made their appearance in 2010. I hope you enjoy them!


2010-01-04: Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324 (embedded binaries)

2010-01-07: Static analysis of malicious PDFs (Part #2) (getAnnots, arguments.callee)

2010-01-09: PDF Obfuscation (variables substitution, LuckySploit, CVE 2008-2992)

2010-01-13: Generic PDF exploit hider. embedPDF.py and goodbye AV detection

2010-01-14: PDF Obfuscation using getAnnots() (getAnnots, arguments.callee, Neosploit)

2010-02-15: Filling Adobe’s heap (Javascript, ActionScript and PDF images)

2010-02-18: Malicious PDF trick: getPageNthWord

2010-02-21: Analyzing PDF exploits with Pyew

2010-03-01: Analyzing PDF Files (getPageNthWord, getPageNumWords)

2010-04-08: JavaScript obfuscation in PDF: Sky is the limit (getAnnots, arguments.callee)

2010-04-09: Malicious PDF file analysis: zynamics style (PDF Dissector video)

2010-04-22: Will there be new viruses exploiting /Launch vulnerability in PDF?

2010-05-18: Quickpost: More Malformed PDFs

2010-06-08: Analysis of a Zero-day Exploit for Adobe Flash and Reader (CVE-2010-1297)

2010-06-09: A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day (malware, ROP)

2010-06-21: World’s Smallest PDF

2010-07-02: Exploring recent PDF exploits: A Time Killer (getPageNthWord, CVE-2008-2992, CVE-2007-5659, CVE-2009-0927, CVE-2009-4324)

2010-07-13: ReCon slides – How to really obfuscate your PDF malware

2010-07-20: PDF time bomb (CVE-2008-2992, CVE-2007-5659, CVE-2009-0927)

2010-08-04: PDF Exploit: Number of pages is the Key (XOR, numPages, CVE-2007-5659, CVE-2009-0927, CVE-2009-4324)

2010-08-04: About the JailbreakMe PDF exploit

2010-08-12: More about the JailbreakMe PDF exploit (CVE-2010-1797)

2010-08-19: Anatomy of a PDF Exploit (AcroForm, TIFF, CVE-2010-0188)

2010-08-20: Analyzing CVE-2010-0188 exploits: The Legend of Pat Casey (Part 1)

2010-08-23: CVE-2010-1797 PDF exploit for Foxit Reader <= 4.0

2010-09-01: An approach to PDF shielding (encryption, object streams, nested PDF documents)

2010-09-13: Malicious PDF Challenges (getPageNumWords, getPageNthWord)

2010-09-17: The Rise of PDF Malware (whitepaper)

2010-09-26: Free Malicious PDF Analysis E-book

2010-10-02: Hiding PDF Exploits by embedding PDF files in streams and Flash ROP heapsprays (CVE-2010-2883)

2010-10-27: OMG WTF PDF – Julia Wolf (obfuscation, slides)

2010-10-28: CVE-2010-3654 Adobe Flash player zero day vulnerability

2010-10-28: New Adobe 0day (bug in flash player), CVE-2010-3654

2010-11-11: CVE-2010-4091 – printSeps – exploitation attempts

2010-12-03: CVE-2010-2883 with Flash JIT Spray (PDF in PDF) Event Invitation from The Heritage Foundation from spoofed Heritage address

2010-12-08: Scoring PDFs Based on Malicious Filter

2010-12-08: Released Malware Statistics and Scoring Tests

2010: A large number of analyses from the Contagiodump blog


2010-05-31: PDF Dissector

2010-07-21: PDF Stream Dumper

2010-08-23: Opaf

2010-08-31: PDF Examiner (web interface)

Jose Miguel Esparza
S21sec e-crime
