Norwegian Honeynet Project


A chapter of the Honeynet Project

Analysing malicious PDF documents and shellcode

August 24th, 2008 by mkrakvik (2) Analysis, Videos

It’s time for another video-post, and this time we’re going to look at a malicious PDF document attempting to exploit a known vulnerability in the Collab.collectEmailInfo() function. We’re going to show how you can extract the shellcode and perform some static code analysis using tools like HT and IDA Pro.
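The extraction step as an added Python example, not code from the original post or the video. It assumes, since the post does not say, that the document's JavaScript sits in a FlateDecode stream and carries the shellcode as an `unescape("%uXXXX...")` string; the function names and the inert sample document are constructed for illustration.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
UESC_RE = re.compile(rb"(?:%u[0-9a-fA-F]{4}){4,}")  # run of 4+ %uXXXX units

def inflate_streams(pdf):
    """Yield every stream body, zlib-inflated when it is FlateDecode data."""
    for m in STREAM_RE.finditer(pdf):
        try:
            # decompressobj ignores the EOL left before "endstream"
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            yield m.group(1)  # not deflate data: scan it as-is

def decode_uescape(run):
    """%uBBAA becomes bytes AA BB: each 16-bit unit lands little-endian in memory."""
    out = bytearray()
    for unit in re.findall(rb"%u([0-9a-fA-F]{4})", run):
        value = int(unit, 16)
        out += bytes((value & 0xFF, value >> 8))
    return bytes(out)

def extract_blobs(pdf):
    """Return the decoded byte blobs, ready to write out for a disassembler."""
    blobs = []
    for data in inflate_streams(pdf):
        # Join strings split as "%u.." + "%u.." before searching.
        flat = re.sub(rb"[\"'+\s]", b"", data)
        blobs += [decode_uescape(m.group(0)) for m in UESC_RE.finditer(flat)]
    return blobs

def ascii_strings(blob, min_len=6):
    """Printable runs inside a blob, e.g. a download URL."""
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

# Constructed sample: inert bytes (0x90 padding plus a placeholder URL), not real shellcode.
RAW = b"\x90" * 8 + b"http://example.invalid/a.bin"
_esc = "".join("%%u%02x%02x" % (RAW[i + 1], RAW[i]) for i in range(0, len(RAW), 2))
_js = 'var sc = unescape("%s" + "%s");' % (_esc[:54], _esc[54:])
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
              + zlib.compress(_js.encode()) + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for blob in extract_blobs(SAMPLE_PDF):
        print(len(blob), "bytes:", blob[:8].hex(), ascii_strings(blob))
```

Each returned blob can be written to a file and opened in HT or IDA Pro as a raw 32-bit binary for the static analysis the video walks through.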


For reference, here are the tools used in the video:

Hope you’ll find it useful! :)

2 Responses to “Analysing malicious PDF documents and shellcode”

  1. ocean’s InsecLab » Blog Archive » Analyzing a malicious pdf file Says:

    [...] shellcode is just the same as the one analyzed here. it only changes the url from where to get the malicious [...]

  2. Analysing malicious PDF documents and shellcode « 0day in {REA_TEAM} Says:

    [...] Norwegian Honeynet Project » Blog Archive » Analysing malicious PDF documents and shellcode.   Leave a [...]
