• Posts Tagged ‘heavy+pint’

    AV Bypass for Malicious PDFs Using XDP

    by  • June 15, 2012 • Uncategorized

    Update - 06/19/2012

    alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-PDF Adobe PDF XDF encoded download attempt"; flow:to_client,established; flowbits:isset,file.xml; file_data; content:"JVBERi"; fast_pattern:only; content:"
