Security PDF-related links in 2010: analyses and tools
After a year full of security issues related to the Portable Document Format, I've made a small compilation of useful links to analyses and tools:
Analysis
2010-01-04: Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324 (embedded binaries)
2010-01-07: Static analysis of malicious PDFs (Part #2) (getAnnots, arguments.callee)
2010-01-09: PDF Obfuscation (variable substitution, LuckySploit, CVE-2008-2992)
2010-01-13: Generic PDF exploit hider. embedPDF.py and goodbye AV detection
2010-01-14: PDF Obfuscation using getAnnots() (getAnnots, arguments.callee, Neosploit)
2010-02-15: Filling Adobe's heap (Javascript, ActionScript and PDF Images)
2010-02-18: Malicious PDF trick: getPageNthWord
2010-02-21: Analyzing PDF exploits with Pyew
2010-03-01: Analyzing PDF Files (getPageNthWord, getPageNumWords)
2010-04-08: JavaScript obfuscation in PDF: Sky is the limit (getAnnots, arguments.callee)
2010-04-09: Malicious PDF file analysis: zynamics style (PDF Dissector video)
2010-04-22: Will there be new viruses exploiting /Launch vulnerability in PDF?
2010-05-18: Quickpost: More Malformed PDFs
2010-06-08: Analysis of a Zero-day Exploit for Adobe Flash and Reader (CVE-2010-1297)
2010-06-09: A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day (malware, ROP)
2010-06-21: World's Smallest PDF
2010-07-02: Exploring recent PDF exploits: A Time Killer (getPageNthWord, CVE-2008-2992, CVE-2007-5659, CVE-2009-0927, CVE-2009-4324)
2010-07-13: ReCon slides – How to really obfuscate your PDF malware
2010-07-20: PDF time bomb (CVE-2008-2992, CVE-2007-5659, CVE-2009-0927)
2010-08-04: PDF Exploit: Number of pages is the Key (XOR, numPages, CVE-2007-5659, CVE-2009-0927, CVE-2009-4324)
2010-08-04: About the JailbreakMe PDF exploit
2010-08-12: More about the JailbreakMe PDF exploit (CVE-2010-1797)
2010-08-19: Anatomy of a PDF Exploit (AcroForm, TIFF, CVE-2010-0188)
2010-08-20: Analyzing CVE-2010-0188 exploits: The Legend of Pat Casey (Part 1)
2010-08-23: CVE-2010-1797 PDF exploit for Foxit Reader <= 4.0
2010-09-01: An approach to PDF shielding (encryption, object streams, nested PDF documents)
2010-09-13: Malicious PDF Challenges (getPageNumWords, getPageNthWord)
2010-09-17: The Rise of PDF Malware (whitepaper)
2010-09-26: Free Malicious PDF Analysis E-book
2010-10-02: Hiding PDF Exploits by embedding PDF files in streams and Flash ROP heapsprays (CVE-2010-2883)
2010-10-27: OMG WTF PDF - Julia Wolf (obfuscation, slides)
2010-10-28: CVE-2010-3654 Adobe Flash player zero day vulnerability
2010-10-28: New Adobe 0day (bug in flash player), CVE-2010-3654
2010-11-11: CVE-2010-4091 – printSeps - exploitation attempts
2010-12-03: CVE-2010-2883 with Flash JIT Spray (PDF in PDF) Event Invitation from The Heritage Foundation from spoofed Heritage address
2010-12-08: Scoring PDFs Based on Malicious Filter
2010-12-08: Released Malware Statistics and Scoring Tests
2010: A lot of analyses from Contagiodump blog
Tools
2010-05-31: PDF Dissector
2010-07-21: PDF Stream Dumper
2010-08-23: Opaf
2010-08-31: PDF Examiner (web interface)
I hope you enjoy it! ;)