[Owasp-Malaysia] pyew, python binary disassembler

Muhammad Najmi Ahmad Zabidi najmi.zabidi at gmail.com
Wed Mar 31 22:55:12 EDT 2010


At first I wondered whether this would be appropriate for OWASP,
since Web apps should be concerned with ports 80, 8080, 443, or maybe you
deal with a strange HTTP port (heh).

Later I decided to post, since PDF is an application-based attack, hence
the method of outbreak is via the web.

Didier also wrote a couple of tools and hosts them here:
http://blog.didierstevens.com/programs/pdf-tools/

His tool can even be used to include your own JS in a PDF.


On Thu, Apr 1, 2010 at 10:43 AM, Amir Haris Ahmad <amir at localhost.my> wrote:
> Cool and good info, will give it a try.
>
> On Thu, Apr 1, 2010 at 9:50 AM, Adnan bin Mohd Shukor
> <adnan.shukor at gmail.com> wrote:
>>
>> me.. the pdf analysis features is kewl as well ;)
>>
>> On 1 April 2010 08:55, Muhammad Najmi Ahmad Zabidi
>> <najmi.zabidi at gmail.com> wrote:
>> > Hello,
>> >
>> > Is anyone using pyew?
>> >
>> > http://code.google.com/p/pyew/
>> >
>> > najmi at notre-dame:/var/lib/nepenthes/binaries$ ~/pyew/pyew.py
>> > 1f8a826b2ae94daa78f6542ad4ef173b
>> > PE Information
>> >
>> > Sections:
>> >    0x1000 0x20000 75776
>> >    0x21000 0x2000 3584
>> >    0x23000 0xf6000 36864
>> >    0x119000 0x8000 30720
>> >
>> > Entry Point at 0x1c85c
>> > Virtual Address is 0x51905c
>> > Code Analysis ...
>> >
>> > [0x00000000]> vt
>> > File 1f8a826b2ae94daa78f6542ad4ef173b with MD5
>> > 1f8a826b2ae94daa78f6542ad4ef173b
>> >
>> > -------------------------------------------------------------------------------
>> >
>> > McAfee+Artemis           : W32/Sdbot.worm.gen.x
>> > nProtect                 : Backdoor/W32.RBot.155648.W
>> > CAT-QuickHeal            : I-Worm.Bobic.hq
>> > McAfee                   : W32/Sdbot.worm.gen.x
>> > K7AntiVirus              : Backdoor.Win32.Rbot
>> > TheHacker                : Backdoor/Rbot.aftu
>> > VirusBuster              : Worm.Rbot.AFAE
>> > NOD32                    : Win32/Rbot
>> > F-Prot                   : W32/Trojan5.DCW
>> >
>> >
>> > And... the rest of the AV result lines.
>> > _______________________________________________
>> > Owasp-Malaysia mailing list
>> > Owasp-Malaysia at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>> >
>> > OWASP Malaysia Wiki
>> > http://www.owasp.org/index.php/Malaysia
>> >
>> > OWASP Malaysia Wiki Facebook
>> > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>> >
>
>