- Removing unnecessary HTML tags
- Find eval calls and replace them with prints, for example, or hook the eval function if possible (PyV8)
- Beautify the code
- Find shellcodes and exploit URLs
- Repeat if necessary
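
Steps 1, 2, 4 and 5 above carried out in JavaScript, as an added example that is not part of the workshop material. It hooks eval by shadowing it in a function scope (a stand-in for the PyV8 hook), and the sample page, the malicious.example URL and all function names are constructed for illustration.

```javascript
// Constructed sample: two nested eval(unescape(...)) layers around a final script.
const INNER = 'var u = "http://malicious.example/exploit.pdf";';
const LAYER1 = 'eval(unescape("' + escape(INNER) + '"))';
const SAMPLE_HTML = '<html><body><p>hi</p><script>eval(unescape("' +
  escape(LAYER1) + '"))</script></body></html>';

// Step 1: drop the HTML wrapper and keep only the <script> bodies.
function extractScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies.join('\n');
}

// Step 2: run one layer with eval shadowed by a hook that records its
// argument and does not execute it. Everything except eval still runs,
// so run it only inside an isolated analysis VM.
function peelLayer(code) {
  const captured = [];
  const hook = (arg) => { captured.push(String(arg)); };
  new Function('eval', code)(hook);
  return captured;
}

// Steps 4 and 5: repeat until a layer no longer calls eval, then search
// the final layer for URLs.
function deobfuscate(html, maxLayers = 10) {
  const layers = [extractScripts(html)];
  for (let i = 0; i < maxLayers; i++) {
    const next = peelLayer(layers[layers.length - 1]);
    if (next.length === 0) break; // nothing reached eval: final layer
    layers.push(next.join('\n'));
  }
  const final = layers[layers.length - 1];
  const urls = final.match(/https?:\/\/[^\s"'<>)]+/g) || [];
  return { layers, final, urls };
}

const result = deobfuscate(SAMPLE_HTML);
console.log(result.layers.length + ' layers, URLs:', result.urls);
```
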
In the second part of the session I focused on the analysis of PDF files with the help of peepdf, showing the new functionalities, like the new command vtcheck to check hashes of the file, objects, shellcodes, etc. on VirusTotal. As I have mentioned, all the exercises were practical, using real malicious PDF files found in the wild to show and solve the most common problems you can find when you analyze a PDF document.
The last minutes of the workshop were the time to show the obfuscation capabilities of peepdf. I created some custom PDF files using encryption, compression, encodings and embedding in another PDF file to make the analysis more difficult and obfuscate documents.
These are the slides of the workshop; you can download them from here: