Saturday, October 11, 2014

Hacktivity 2014 - Hello PDF workshop

My Hacktivity 2014 - Hello PDF workshop files can be downloaded from here:


password: "malware"

The zip file contains the following files:

hello.pdf - PDF with sample JS exploit
helloworld.pdf - sample, "hello world" PDF
Hacktivity 2014 - Fitzl Csaba - Hello PDF.pdf - detailed instructions of the workshop

The original workshop description:

"The goal of the workshop is a short introduction to malicious PDF analysis. During the exercise we will first create a malicious PDF with Metasploit, which we will analyze later. For that we will use the REMnux Linux distribution, which is optimized for malware examination, with lots of pre-loaded applications. We will cover the PDF’s structure briefly, and how we can export or check various objects.

After we have extracted the malicious JavaScript code from the PDF, we will see how we can run it safely, and then we will extract the Metasploit-generated shellcode from it, then convert it to an executable, which we can analyze in a debugger. Alternatively, we will see how we can emulate the shellcode on Linux, without running it on Windows, while still being able to extract the required information."
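
A static first pass over the PDF structure mentioned in the description (listing objects, flagging script and auto-run keys, and decoding the script stream without executing it), as an added example that is not part of the workshop files. The sample document and the names `scan_objects` and `extract_js` are constructed for illustration; it assumes plain indirect objects (no object streams) and only decodes `/FlateDecode`.

```python
import re
import zlib

# Constructed sample (not one of the workshop files): a minimal PDF-like byte
# string whose /OpenAction leads to a JavaScript action holding a harmless alert.
_JS = b'app.alert("hello");'
_PACKED = zlib.compress(_JS)
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n",
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n",
    b"3 0 obj\n<< /S /JavaScript /JS 4 0 R >>\nendobj\n",
    b"4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(_PACKED),
    _PACKED,
    b"\nendstream\nendobj\n%%EOF\n",
])

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.S)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")  # direct lengths only
KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch")  # worth a look

def scan_objects(data):
    """Map object number -> (flagged keys, dictionary bytes, decoded stream or None)."""
    report = {}
    for m in OBJ_RE.finditer(data):
        num, body = int(m.group(1)), m.group(2)
        header, sep, rest = body.partition(b"stream")
        keys = [k.decode() for k in KEYS
                if re.search(re.escape(k) + rb"(?![A-Za-z0-9])", header)]
        stream = None
        if sep:  # object carries a stream; the keyword is followed by LF or CRLF
            raw = rest[2:] if rest.startswith(b"\r\n") else rest[1:]
            lm = LENGTH_RE.search(header)
            raw = raw[:int(lm.group(1))] if lm else raw.split(b"endstream")[0].rstrip(b"\r\n")
            if b"/FlateDecode" in header:
                try:
                    raw = zlib.decompress(raw)
                except zlib.error:
                    pass  # leave the raw bytes for manual inspection
            stream = raw
        report[num] = (keys, header, stream)
    return report

def extract_js(data):
    """Follow indirect /JS references and return the decoded script streams."""
    objs = scan_objects(data)
    refs = [int(r) for _, h, _ in objs.values()
            for r in re.findall(rb"/JS\s+(\d+)\s+\d+\s+R", h)]
    return [objs[r][2] for r in refs if r in objs and objs[r][2] is not None]
```

The returned script is only bytes on disk at this point; nothing in the block interprets it.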