But when it comes to opening pdf documents, whether it be an email. Take a look at the ubuntubased malware analysis toolkit. Eric huber, a digital forensics expert and another source of mine had this to say. This cheat sheet presents tips for analyzing and reverseengineering malware. Malware analysts cookbook and dvd tools and techniques for fighting malicious code michael hale ligh steven adair. Lenny zeltser on information security asymmetry of data value, social engineering, and what to do security professionals generally agree that social engineering is a highly effective way of.
Malware analysis essentials using remnux by lenny zeltser. Targeting a vulnerability in acrobat reader is one of the more popular ways of compromising systems nowadays. Inside network perimeter security 0735712328 stephen northcutt, lenny zeltser, scott winters, karen kent frederick, and ronald w. Lenny zeltser is chief information security officer and was previously vp of product at axonius. Analyzing pdf malware part 1 trustwave spiderlabs trustwave. For additional references from sans faculty members, see the community. We still have much to learn for dealing with flash programs in pdf files. Malicious pdf files are frequently used as part of targeted and massscale computer attacks. Session title evasion tactics in malware from the inside. Many remnux tools and techniques are discussed in the reverseengineering malware rem course at sans institute, which lenny. Tips for troubleshooting human communications lenny zeltser. Zeltser s sources a list of malware sample sources put together by lenny zeltser. Analyzing malicious documents cheat sheet lenny zeltser.
Learn malware analysis fundamentals from the primary author of sans course for610. Lenny is active on twitter and writes a security blog. He currently serves on sans board of technology directors and is chief information security officer ciso at. Lenny zeltser security consulting manager, savvis senior faculty member, sans institute handler, sans internet storm center. A curated list of awesome malware analysis tools and resources. Selfpaced, recorded training with four months of access to course materials and labs. Fighting malicious code is intended for system administrators, network personnel, security personnel, savvy home computer users, and anyone else interested in keeping their systems safe from attackers. He is presently the ciso at axonius and an author and instructor at sans institute. How to extract flash objects from malicious pdf files, lenny zeltser. Analyzing malicious documents this cheat sheet outlines tips and tools for analyzing malicious documents, such as microsoft office, rtf and adobe acrobat pdf files. Lenny zeltser on informatio security through education. The free reverse engineering malware tools provided in lenny zeltser s linux distribution remnux may.
Pearson inside network perimeter security, 2e stephen. Analyzing malicious documents cheat sheet this cheat sheet outlines tips and tools for analyzing malicious documents, such as microsoft office, rtf and adobe acrobat pdf files. Prior to axonius, zeltser led security product management at minerva. Lenny zeltser from sans keeps a cheat sheet for the tags you should lookout for here. He also teaches how to analyze malware at sans institute. Cheat sheets page on the sans digital forensics and incident response site. Pdf stream dumper is a free tool for analyzing suspicious pdf. He was a primary author of the first edition of inside. Remnux usage tips for malware analysis on linux cheat.
Take a look at the ubuntubased malware analysis toolkit remnux. Authored by lenny zeltser with feedback from pedro bueno and didier stevens. How to analyze malware with remnuxs reverseengineering. How to extract flash objects from malicious pdf files. Lenny zeltser 6 free local tools for analyzing malicious pdf files malicious pdf files are frequently used as part of targeted and massscale computer attacks. Lenny zeltser s work in information security draws upon experience in system administration, software architecture, and business administration.
In regards to malicious pdf files the security industry saw a significant increase of vulnerabilities after the second half of 2008 which might be related. Malware analysis che at sheet the analysis and reversing tips behind this reference are covered in the sans institute. Zeus source code source for the zeus trojan leaked in 2011. This article describes the pdf file format, related security issues and useful. Peepdf, a new tool from jose miguel esparza, is an excellent addition to the pdf analysis toolkit for examining and decoding suspicious pdfs for this introductory walkthrough, i will take a quick look at the malicious pdf. Credit for the incident response checklists guidance comes from several guides written by lenny zeltser, and i hope this post has provided you with a framework that. If you are interested in learning how to combat malware, i know just the guy lenny zeltser. Attackers continue to use malicious pdf files as part of targeted attacks and massscale clientside exploitation. Attendees will also learn practical skills for analyzing malware to. Peepdf, a new tool from jose miguel esparza, is an excellent addition to the pdf analysis toolkit for examining and decoding suspicious pdfs for this introductory walkthrough, i will take a quick look at the malicious pdf file that i obtained from contagio malware dump. Remnux is maintained by lenny zeltser with extensive help from david westcott. To get a general sense for how to analyze with malicious pdf files, take. This would actually be a real pdf portable document format if you wanted to open a document in some application that was different from the authoring application, you could.
Lenny zeltser focuses on safeguarding customers it operations at ncr. Executive editor carol long project editor maureen spears technical editor michael gregg production editor. How to analyze malware with remnuxs reverseengineering malware tools. Authored by lenny zeltser with feedback from anuj soni. Malicious documents pdf analysis in 5 steps mass mailing or targeted campaigns that use common files to host or exploit code have been and are a very popular vector of attack. Computer security expert and highly acclaimed author ed skoudis focuses on one of the biggest areas of computer attacksmalicious code.
Inside network perimeter security 0735712328 stephen. Other accomplishments include authoring and editing of sans giac training and certification course content, as well as exam content. If youre youd like to learn how to analyze malicious pdfs, check out the reverseengineering malware. Rss you can now take my malware analysis and cybersecurity writing courses online in two formats at sans institute, depending on how you prefer to learn. Lenny zeltser develops teams, products, and programs that use information security to achieve business results. Malicious code analysis and related topics are covered in the sans institute course for610. She is the former editor in chief of cso and a veteran editor, writer and content strategist with.
Lenny zeltser is an information security and malware analysis expert. The definitive guide to firewalls, vpns, routers, and intrusion detection systems inside new riders by stephen northcutt, karen frederick, scott winters, lenny zeltser. Security consultant lenny zeltser has released a lightweight version of ubuntu that includes a. There are several ways in which you can also contribute to the project, as outlined below. If you can recommend additional tools or techniques, please leave a comment. Malicious documents pdf analysis in 5 steps by luis rocha. Cheat sheet for analyzing malicious software lenny zeltser.
Fileinsight hex editors can parse and edit ole structures. Malware fighting malicious code is a required reading for a graduate course i am currently taking. Of course, everyone has his or her own preferences. As you see, it is possible to embed javascript within pdf documents. Reverseengineering malware cheat sheet remnux linux distribution for malware analysis. Analyzing suspicious pdf files with pdf stream dumper. Being able to analyze pdfs to understand the associated threats is an increasingly important skill for security incident responders and digital forensic analysts.
Analyzing suspicious pdf files with peepdf lenny zeltser. The session explains how malware evades detection and why specific evasion tactics are effective in the wild. Edit data in memory or instruction opcode instruction. Tips for reverseengineering malicious code cheat sheet. At first, when i saw the publication date, i wasnt entirely excited about its age. Malicious documents pdf analysis in 5 steps count upon. Inside network perimeter security, second edition is your guide to preventing network intrusions and defending against any intrusions that do manage to slip through your perimeter. Inside network perimeter security 2nd edition inside. Knowing how to analyze malware has become a critical skill for incident responders and forensic investigators. Analyzing malicious documents cheat sheet sans forensics. Inside network perimeter security, second edition inside.