This course teaches tools and techniques for analyzing malicious PDF files, focusing on the open-source PDF analysis framework called phoneypdf. Students will learn to leverage the Adobe PDF DOM and XFA for in-depth insights into a PDF's layout, XFA, and JavaScript execution. The teaching method includes presentations on existing work, new techniques, and hands-on examples. This course is intended for individuals interested in cybersecurity, malware analysis, and PDF file analysis.
Syllabus
Intro
Lightning version
Adobe Reader
Code Exec Vulns in Reader
Previous Work
Design
The Parser
Parsing is not fun
Example #1: Raw to Python
Example #2
The Analysis Engine
JavaScript #2
Adobe DOM Emulation
Adobe XML Forms Architecture / X
'Render' the PDF
Handlers
Open Source
Taught by
nullcon