Black Hat Arsenal peepdf Challenge 2015 writeup

At the beginning of August I saw a link on Twitter by Jose Miguel Esparza, the author of the peepdf tool, about a challenge he created for the Black Hat Arsenal conference in the USA. So, reading the blog post, I decided to play with the challenge, and now here’s my writeup solution. I hope that you like […]

PDF analysis of Nuclear Pack EK and CVE-2010-0188/CVE-2010-2883

A description of the Nuclear Pack exploit kit was recently published on Malwarebytes’ blog, though there isn’t a description of the PDF exploit used, so we’ve decided to proceed with a more in-depth analysis. PDF analysis: In order to start the analysis we have used peepdf: There are two objects that appear to be suspicious: so let’s start with… object […]

Analysis of CVE-2010-0188 PDF from RedKit ExploitKit

After noticing a substantial increase in RedKit infections, following a series of investigations performed on URLQuery, we have decided to go deeper to understand what was happening behind the curtains. RedKit is an exploitation pack that uses the following infection flow: We have this for today’s example: http://urlquery.net/report.php?id=1305873 and the resource is http://senreibehn.narod.ru/ A user visiting a page compromised with […]