Pub
Var
Home
Workshop
Analysis of a CVE-2013-3346/CVE-2013-5065 exploit with peepdf
Conferences
Exploits
PDF
peepdf
Shellcode
Tools
Vulnerabilities
Workshop
There are already some good blog posts talking about this exploit, but I think this is a really good example to show how
peepdf
works and what you can learn next month if you attend the
1day-workshop
“Squeezing Exploit Kits and PDF Exploits”
at
Troopers14
or the
2h-workshop
"PDF Attack: A Journey from the Exploit Kit to the Shellcode"
at
Black Hat Asia (Singapore)
. The mentioned exploit was using the
Adobe Reader ToolButton Use-After-Free vulnerability
to execute code in the victim's machine and then the
Windows privilege escalation 0day
to bypass the
Adobe sandbox
and execute a new payload without restrictions.
This is what we see when we open the PDF document (
6776bda19a3a8ed4c2870c34279dbaa9
) with
peepdf
:
Submitted by jesparza on Thu, 2014/02/20 - 21:48
Read more
Español
Search this site:
Security
Analysis
Spam
Citadel
NFC
PDF
Malcode
Botnets
peepdf
Conferences
Python
Malware
Javascript
Feodo
Challenge
Reversing
Specifications
Shellcode
Exploit kits
Black Hat
ZeuS
Research
Mobile
Tools
Vulnerabilities
Fraud
Tatanga
Exploits
Botnet
Scripts
more tags
Latest blog posts
Dridex spam campaign using PDF as infection vector
Adding a scoring system in peepdf
Travelling to the far side of Andromeda at Botconf 2015
Black Hat Arsenal peepdf challenge solution
Black Hat Arsenal peepdf challenge
peepdf news: GitHub, Google Summer of Code and Black Hat
Andromeda/Gamarue bot loves JSON too (new versions details)
Quick analysis of the CVE-2013-2729 obfuscated exploits
Dissecting SmokeLoader (or Yulia's sweet ass proposition)
Released peepdf v0.3
more
Security Posts
Frenchy – Shellcode in the Wild
FTCODE Ransomware — New Version Includes Stealing Capabilities
Critical Windows Update - CryptoAPI Spoofing, Windows Remote Desktop vulnerabilities
Remote Access VPNs Have Ransomware on Their Hands
A look at the recent BuleHero botnet payload
A Big Day for Phishing
A New Wave of Stalkerware Apps
Scamming and Smishing while Shopping
NetSupport RAT installed via fake update notices
Fileless malware campaign roundup
Emotet is back in action after a short break
UC Browser app abuses may have exposed 500 million users
Examining the Ryuk Ransomware
Magecart hits again, leveraging compromised sites and newly registered domains
Phishing attacks abusing appspot.com and web.app domains on Google Cloud
InnfiRAT: A new RAT aiming for your cryptocurrency and more
Saefko: A new multi-layered RAT
Abusing Microsoft’s Azure domains to host phishing attacks
Magecart activity and campaign enhancements
Felipe, a new infostealer Trojan
more
