Phoneypdf - A Virtual PDF Analysis Framework
Offered By: nullcon via YouTube
Course Description
Overview
Explore tools and techniques for analyzing malicious PDF files in this 35-minute conference talk from nullcon Goa 2014. Delve into the presentation of phoneypdf, an open-source PDF analysis framework that builds upon existing work and introduces new methods to leverage the Adobe PDF DOM and XFA. Learn how emulating the Adobe PDF DOM provides a unique advantage over other available tools, offering fine-grained information on PDF layout, XFA, and JavaScript execution. Gain insights into how this approach allows for deeper understanding of exploitation techniques compared to pure static analysis. The talk covers topics such as Adobe Reader, code execution vulnerabilities, parsing challenges, analysis engine functionality, JavaScript handling, Adobe DOM emulation, XML Forms Architecture, PDF rendering, and open-source contributions.
Syllabus
Intro
Lightning version
Adobe Reader
Code Exec Vulns in Reader
Previous Work
Design
The Parser
Parsing is not fun
Example #1: Raw to Python
Example #2
The Analysis Engine
JavaScript #2
Adobe DOM Emulation
Adobe XML Forms Architecture / X
'Render' the PDF
Handlers
Open Source
Taught by
nullcon
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy