Blackhat Amsterdam 2012 : ToolsTube with Jose Miguel Esparza on Peepdf

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. It’s included in BackTrack and REMnux.

Some of the peepdf features:

• It shows all the objects in the document, highlighting the suspicious elements and potential vulnerabilities.
• It supports all the most used filters and encodings.
• It can parse different versions of a file, object streams and encrypted documents.
• It provides Javascript and shellcode analysis wrappers, thanks to Spidermonkey and Libemu.
• It’s able to create new PDF files and modify existent ones using obfuscation techniques.
• It’s able to extract all the information easily thanks to its interactive console.

Jose Miguel Esparza is a security researcher and has been working as e-crime analyst at S21sec e-crime for more than 5 years, focused on botnets, malware and Internet fraud. Author of some exploits and analysis tools like Malybuzz and peepdf (http://eternal-todo.com/tools). He is also a regular writer in the S21sec blogs (http://blog.s21sec.com and http://securityblog.s21sec.com) and http://eternal-todo.com about security and threats in Internet, and has taken part in several conferences, e.g. RootedCon (Spain), CARO Workshop (Czech Republic) and Source Seattle (USA).