Nytro Posted August 5, 2012 Report Share Posted August 5, 2012 [h=3]PDF Analysis + A Request[/h][h=2]Sunday, August 05, 2012[/h]I am going to first make my request. Those who know me know I am a bit gaga for photography. One of my pictures was chosen for the exhibition 'London: A Picture of Sustainability'. Please take a second to vote for my photo (if you like it of course!). I was honored to get this far and it would be awesome to be chosen to win! Definitely look at all of them, its neat to see what everyones definition of 'sustainability' is.All the photographs will be available for sale! I am invited to the Exhibition Opening! What do I wear?! Do I need to suit up?! I thought IRs were stressful....I can't ask you guys for something without giving something in return... so I present not one, but TWO videos on PDF analysis! I will be looking at one PDF via peepdf (the new version) in REMnux and then in PDFStreamDumper. More than one way to peel a potato The file I am using for this demo is 'CVE-2009-4324_PDF_2009-11-30_note200911.pdf=1ST0DAYFILE' which I grabbed from a malicious document collection from Contagio. What would we do without Contagio?UPGRADING TO PEEPDF 0.2If you already have Peepdf, its quite simple to update. Simply type in: $sudo peepdf.py -u Then everything should be lovely jubbley If not you can go to where you have peepdf installed (in REMNux its in /usr/local/bin) The PDF and run the command direct from there.Ok I lied, you need to do a few more things. You need to also install pylibemu and maybe update libemu while you are at it. Jose recommends using git as the sourceforge packages are outdated. Check the readme for other dependencies you may want. I also was having issues even afte this, peepdf was not seeing my pylibemu library. I noticed when reinstalling everything I did not have python bound to libemu. I did some browsing and this fixed my issue. Thank you Alex from Canada!If you do not have peepdf you can go to the main site directly and download for your system, or you can even find the older version on REMnux (a great free vm for analysing malware) and simply upgrade it youself! PDF STREAM DUMPERI really love this tool as well. I know its' cooler' to use the command line but you know you have to respect a great GUI tool which is amazginly versatile. Again, using the same PDF from peepdf-- I show analysis being done with this windows tool. You can grab the program at the sandsprite website. Thats all for now folks-- please please please vote in the photo comptetition. And a big thank you to Jose for all your assistance with peepdf! If you ever find yourself in London I owe you a beer Sursa: Sketchymoose's Blog: PDF Analysis + A Request Quote Link to comment Share on other sites More sharing options...
