Hi all,
Has anyone tried to extract shellcode from a PDF? I would appreciate it if you could list some better steps.
For me, I will do this as below:
1. Run pdfId to check whether there is any JavaScript and other objects.
2. Read it in text editor.
3. Uncompress it with pdf-parser, if needed.
4. However, when I did step 3 and opened the file again, the code was uncompressed but there were lots of brackets, which caused confusion within the stream content. It seems that I have made a wrong attempt at the compression.
In fact, I have found an analysis from the Norway Honeynet Project Team:
http://www.honeynor.no/category/analysis/
Thank you for your advice, dudes.
Regards,
0xdf
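
For step 3, an added example (not part of the original post and not pdf-parser's own code): a small Python routine that carves each stream object out of a PDF and inflates the `/FlateDecode` ones to raw bytes for static review. The sample document and all function names are constructed for illustration, and it assumes a single Flate filter with no predictor, filter chain or object streams.

```python
import re
import zlib

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEXNAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")  # PDF names may hide letters as #xx


def inflate_streams(pdf):
    """Return {object number: stream bytes}, inflated where /FlateDecode is set."""
    out = {}
    for obj in OBJ_RE.finditer(pdf):
        num, body = int(obj.group(1)), obj.group(3)
        s = STREAM_RE.search(body)
        if not s:
            continue  # object carries no stream
        # Undo #xx escapes so /Fl#61teDecode is recognised as /FlateDecode.
        header = HEXNAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]),
                                body[:s.start()])
        data = s.group(1)
        if b"/FlateDecode" in header:
            try:
                # decompressobj ignores the EOL bytes left before "endstream".
                data = zlib.decompressobj().decompress(data)
            except zlib.error:
                pass  # keep the raw bytes for manual inspection
        out[num] = data
    return out


def build_sample():
    """Constructed test PDF: one compressed JavaScript stream, harmless content."""
    body = zlib.compress(b"app.alert('constructed sample');")
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Length " + str(len(body)).encode() +
            b" /Filter /Fl#61teDecode >>\nstream\n" + body +
            b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for num, data in inflate_streams(build_sample()).items():
        print(num, data)
```

Writing each returned value to its own file in binary mode keeps the stream content free of any display escaping a viewer or tool might add.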