Blackhat Amsterdam 2012 : ToolsTube with Jose Miguel Esparza on Peepdf

Tools + Interview + ToolsTube | NJ Ouchn | March 19, 2012


peepdf is a Python tool for exploring PDF files to determine whether a file may be harmful. Its aim is to provide every component a security researcher could need for PDF analysis in one place, instead of spreading the work across 3 or 4 tools. It's included in BackTrack and REMnux.

Some of the peepdf features:

  • It shows all the objects in the document, highlighting suspicious elements and potential vulnerabilities.
  • It supports the most commonly used filters and encodings.
  • It can parse different versions of a file, object streams and encrypted documents.
  • It provides JavaScript and shellcode analysis wrappers, thanks to SpiderMonkey and Libemu.
  • It can create new PDF files and modify existing ones using obfuscation techniques.
  • It makes extracting all of this information easy through its interactive console.
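To make the first two features concrete, here is an added example (not peepdf's code and not part of the original post) that flags watch-list names in a PDF after undoing `#xx` name escapes and inflating Flate-compressed streams. The watch list, the function names and the sample bytes are assumptions constructed for this illustration.

```python
import re
import zlib
from collections import Counter

# Assumed watch list of PDF names worth a closer look (not peepdf's own list).
SUSPICIOUS = {"/OpenAction", "/AA", "/JS", "/JavaScript", "/Launch", "/EmbeddedFile"}

NAME_RE = re.compile(rb"/[^\s()<>\[\]{}/%]+")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes in a PDF name: /J#61vaScript -> /JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def stream_bodies(data: bytes):
    """Yield each stream body, inflated when it is zlib (FlateDecode) data."""
    for match in STREAM_RE.finditer(data):
        body = match.group(1)
        try:
            # decompressobj tolerates the EOL bytes left before 'endstream'
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # other filter or unfiltered: scan the bytes as they are


def triage(data: bytes) -> Counter:
    """Count watch-list names outside streams and inside decoded streams."""
    hits = Counter()
    outside = STREAM_RE.sub(b"", data)
    for blob in (outside, *stream_bodies(data)):
        for raw in NAME_RE.findall(blob):
            name = decode_name(raw)
            if name in SUSPICIOUS:
                hits[name] += 1
    return hits


def build_sample() -> bytes:
    """Constructed, inert PDF fragment: one escaped name, one compressed object."""
    hidden = zlib.compress(b"<< /S /Launch /AA << /O 3 0 R >> >>")
    return (b"%PDF-1.5\n"
            b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
            b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n"
            b"5 0 obj << /Filter /FlateDecode >>\nstream\n" + hidden +
            b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for name, count in sorted(triage(build_sample()).items()):
        print(f"{name}: {count}")
```

A plain string search over the raw bytes of this sample would miss `/JavaScript`, `/Launch` and `/AA`, which is why decoding has to come before matching.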

Jose Miguel Esparza is a security researcher who has been working as an e-crime analyst at S21sec e-crime for more than 5 years, focused on botnets, malware and Internet fraud. He is the author of several exploits and analysis tools, such as Malybuzz and peepdf (http://eternal-todo.com/tools). He is also a regular writer on the S21sec blogs (http://blog.s21sec.com and http://securityblog.s21sec.com) and on http://eternal-todo.com, covering security and threats on the Internet, and has taken part in several conferences, e.g. RootedCon (Spain), CARO Workshop (Czech Republic) and Source Seattle (USA).


 

Written by: NJ Ouchn

About the author
NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

