Last Updated: 2009-05-24 05:38:42 UTC
by Raul Siles (Version: 1)
On the one hand, I've been actively using PDF exploits in recent penetration tests, emulating the real-world attacks we have seen in the wild and described in several ISC diaries during the last 2-3 years (you can get most of them using the following search in Google: "pdf site:isc.sans.org"). Both the open-source Metasploit Framework and commercial pen-testing tools, like Core Impact, include these capabilities.
"Anatomy of Malicious PDF Documents". Didier Stevens. Hakin9 magazine.
In order to get a copy of the article, in PDF format (What a coincidence! Is it malicious or not?), you just need to provide an e-mail address. Do not forget to download the RTF document with the code listing (link on the right-hand side).
This article is a must-read and a great starting point for incident handlers interested in increasing their skills to analyze malicious PDF documents. If you want to start practicing today, before being a target, generate a malicious PDF document in Metasploit and analyze it. For more advanced inspection, I encourage you to use some specific PDF analysis tools.