By YELIA MAMDOUH EL GHALY
When we check the PDF files on our PC or laptop, we may use an antivirus scanner, but these days scanners do not seem good enough to detect malicious PDF files that contain shellcode: an attacker will usually encrypt the file's content to bypass the antivirus scanner, and in many cases targets a zero-day vulnerability that exists in Adobe Acrobat Reader or in an updated version of it.
Before we start analyzing malicious PDFs, we will take a brief look at the PDF structure so we can understand how the shellcode works and where it's located.
PDF components
PDF Header
The first line of a PDF shows the PDF format version. It is the most important line, giving you the basic information about the PDF file; for example, "%PDF-1.4" means that the file was created with the fourth version.
PDF Body
The body of the PDF file consists of objects that compose the contents of the document. These objects include fonts, images, annotations and text streams, and the user can also add invisible objects or elements. These objects can interact with PDF features like animation and security features. The body....