ReCon slides – How to really obfuscate your PDF malware

Last Friday I was at ReCon in Montreal to give a talk about obfuscated PDF malware. I got the idea for the talk during my work on PDF Dissector, where I saw a lot of obfuscated PDF malware. The obfuscation I saw in the wild was mostly very limited and the malware authors did not seem to think things through to the very end. I took the opportunity to think a bit further about the whole topic of PDF malware obfuscation, and a few of the results of these thoughts can be seen in the slides below. If you do not have Flash enabled, click here to download the slides.

3 Responses to “ReCon slides – How to really obfuscate your PDF malware”

  1. Ange Says:

    very interesting.

    I can’t decide if the ‘Adobe JS’ trick is funny or sad, though

  2. PDF security under the microscope: A review of OMG-WTF-PDF | Naked Security Says:

    [...] Sebastian Porst: "How to really obfuscate your PDF malware" [...]

  3. Security PDF-related links in 2010: analyses and tools Says:

    [...] A Time Killer (getPageNthWord,CVE-2008-2992,CVE-2007-5659,CVE-2009-0927,CVE-2009-4324) 2010-07-13: ReCon slides – How to really obfuscate your PDF malware 2010-07-20: PDF time bomb (CVE-2008-2992,CVE-2007-5659,CVE-2009-0927) 2010-08-04: PDF Exploit: [...]
