For those who read my blog and follow my research then you know I chose MongoDB as my backend database to store my PDFs and if you don't, well now you know. The catch is that I don't actually store the file in the database like some people/scripts...
Read more →A couple months back I remember reading a post from Symantec about visualizing entropy to identify infected Microsoft documents. At the time it didn't really dawn upon me to visualize the PDF samples I had, but I did take a brief look into how ent...
Read more →In my last post I mentioned that I wanted to put together an API for my malpdfobj tool, so sharing could be easier. The good news is that I have the RESTful API functioning complete with interactive API documentation, python interfaces and the abi...
Read more →One of the most important elements to a malicious PDF is the content and payload within it. Up until this point the PDF malware object my tool outputted just contained various details about the structure, hashings and scanning data which was great...
Read more →Since releasing the malpdfobj tool (~24 hours), I have been running and testing it. I found a couple bugs that caused issues when inserting some samples into the database, but those are all now fixed (and documented on github). The current code de...
Read more →Progressing forward with my results from yesterday I was able to get most of the data I cared about in a JSON format. Having the JSON for each grouping of data was great, but didn't really do me any good because I could never get it into MongoDB t...
Read more →