Hello workshop - Analysis of malicious PDF

  • Location: Bobek
  • Speaker: Csaba Fitzl
  • Date and time: 13:10 - 13:55

The goal of the workshop is to briefly present the analysis of a malicious PDF.

During the workshop we will first produce a malicious PDF file using Metasploit, then we will analyze it. For this analysis I will be using the REMnux Linux distribution, which is optimized for malware analysis and contains numerous pre-installed applications to facilitate our task. Then we will briefly go through the structure of the PDF file and how to export and view various objects.

After exporting the malicious JavaScript code from the PDF file, we will review what options there are to run it securely. Then the shellcode generated by Metasploit will be extracted, transformed into an EXE, and analyzed in a debugger. In addition, we will examine how to dynamically analyze the original shellcode under Linux, without running it on a Windows machine, while still obtaining the right information.
 

Requirements:

  • VMware Player / Workstation
  • Kali Linux VMware virtual machine: http://www.offensive-security.com/kali-linux-vmware-arm-image-download/
  • REMnux VMware virtual machine: http://zeltser.com/remnux/#download-remnux
  • SCP application (for example WinSCP) for uploading files to REMnux

