ReCon slides – How to really obfuscate your PDF malware

Last Friday I was at ReCon in Montreal to give a talk about obfuscated PDF malware. I got the idea for the talk during my work on PDF Dissector, where I saw a lot of obfuscated PDF malware. The obfuscation I saw in the wild was mostly very limited and the malware authors did not seem to think things through to the very end. I took the opportunity to think a bit further about the whole topic of PDF malware obfuscation, and a few of the results of these thoughts can be seen in the slides below. If you do not have Flash enabled, click here to download the slides.

[slideshare id=4745445&doc=howtoreallyobfuscateyourpdfmalware-100713095253-phpapp01]

3 Responses to “ReCon slides – How to really obfuscate your PDF malware”

  1. Ange says:

    very interesting.

    I can’t decide if the ‘Adobe JS’ trick is funny or sad, though.

  2. […] Sebastian Porst: "How to really obfuscate your PDF malware" […]

  3. […] A Time Killer (getPageNthWord,CVE-2008-2992,CVE-2007-5659,CVE-2009-0927,CVE-2009-4324) 2010-07-13: ReCon slides – How to really obfuscate your PDF malware 2010-07-20: PDF time bomb (CVE-2008-2992,CVE-2007-5659,CVE-2009-0927) 2010-08-04: PDF Exploit: […]