Antivirus

Obfuscation and (non-)detection of malicious PDF files

Antivirus
Detection
PDF
peepdf
Specifications
Tools
Vulnerabilities

More than two months ago I talked at Rooted CON (Madrid) about some techniques to obfuscate and hide malicious PDF files. I gave the same speech at CARO 2011 (Prague) some days ago with updated slides and a demo of peepdf.

The idea is that it's possible to use some malformations in the documents, like those commented by Julia Wolf, and the PDF specification itself in order to keep the files hidden from Antivirus engines and parsers. Bad guys can effectively use it to create an undetectable exploit and use it as an attacking vector. Some of the techniques are the following:

Submitted by jesparza on Fri, 2011/05/13 - 15:09

2 comments
Read more
Español

Antivirus

Obfuscation and (non-)detection of malicious PDF files

Latest blog posts

Security Posts