AV Bypass for Malicious PDFs Using XDP
by admin • June 15, 2012 • Uncategorized
Update - 06/19/2012

alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-PDF Adobe PDF XDF encoded download attempt"; flow:to_client,established; flowbits:isset,file.xml; file_data; content:"JVBERi"; fast_pattern:only; content:"