Home > Disassembly, Tech > PDF Analysis Primer

PDF Analysis Primer

The Sourcefire Vulnerability Research Team has released a beginners guide to PDF analysis. Well worth the read and very timely considering that according to a report released by a security firm in February 2010, 80% of all exploits in 2009 originated with malicious PDF’s.

For obvious reasons, the VRT has been spending a lot of time on the PDF format lately. While the attack researchers have been concentrating on fuzzing, reverse engineering and data flow analysis, the defense researchers have been automating the backend analysis of PDF submissions. As part of this effort, we’ve had to do a very deep dive on the PDF format. I thought it might be useful to share some of what we’re seeing come in our data feeds, and what you should look for when reviewing PDF files.

Advertisements
Categories: Disassembly, Tech
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s