Phoneypdf - A Virtual PDF Analysis Framework
Offered By: nullcon via YouTube
Course Description
Overview
Explore tools and techniques for analyzing malicious PDF files in this 35-minute conference talk from nullcon Goa 2014. Delve into the presentation of phoneypdf, an open-source PDF analysis framework that builds upon existing work and introduces new methods to leverage the Adobe PDF DOM and XFA. Learn how emulating the Adobe PDF DOM provides a unique advantage over other available tools, offering fine-grained information on PDF layout, XFA, and JavaScript execution. Gain insights into how this approach allows for deeper understanding of exploitation techniques compared to pure static analysis. The talk covers topics such as Adobe Reader, code execution vulnerabilities, parsing challenges, analysis engine functionality, JavaScript handling, Adobe DOM emulation, XML Forms Architecture, PDF rendering, and open-source contributions.
Syllabus
Intro
Lightning version
Adobe Reader
Code Exec Vulns in Reader
Previous Work
Design
The Parser
Parsing is not fun
Example #1: Raw to Python
Example #2
The Analysis Engine
JavaScript #2
Adobe DOM Emulation
Adobe XML Forms Architecture / X
'Render' the PDF
Handlers
Open Source
Taught by
nullcon
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network