[Owasp-Malaysia] pyew,python binary diassembler

Mohd Fazli Azran Abd Malek mfazliazran at gmail.com
Wed Mar 31 23:03:49 EDT 2010


Someone i believe have interest on this ...

http://www.owasp.org/index.php/PDF_Attack_Filter_for_Apache_mod_rewrite

http://www.owasp.org/index.php/PDF_Attack_Filter_for_Java_EE

Maybe can help member to understand for pdf attack.

Regards,
Mohd Fazli Azran

On Thu, Apr 1, 2010 at 10:55 AM, Muhammad Najmi Ahmad Zabidi <
najmi.zabidi at gmail.com> wrote:

> At first I have a thought whether this would be appropriate for OWASP,
> since Web apps should concern on port 80, 8080,443 , or maybe you deal
> with strange http port (heh).
>
> Later decided to post since PDF is application based attack, hence the
> method of outbreak is via web.
>
> Didier also wrote couple of tools and host them here:
> http://blog.didierstevens.com/programs/pdf-tools/
>
> His tool even can be used for you to include your own JS to PDF.
>
>
> On Thu, Apr 1, 2010 at 10:43 AM, Amir Haris Ahmad <amir at localhost.my>
> wrote:
> > Cool and good info, will give a try.
> >
> > On Thu, Apr 1, 2010 at 9:50 AM, Adnan bin Mohd Shukor
> > <adnan.shukor at gmail.com> wrote:
> >>
> >> me.. the pdf analysis features is kewl as well ;)
> >>
> >> On 1 April 2010 08:55, Muhammad Najmi Ahmad Zabidi
> >> <najmi.zabidi at gmail.com> wrote:
> >> > Hello,
> >> >
> >> > Anyone is using pyew?
> >> >
> >> > http://code.google.com/p/pyew/
> >> >
> >> > najmi at notre-dame:/var/lib/nepenthes/binaries$ ~/pyew/pyew.py
> >> > 1f8a826b2ae94daa78f6542ad4ef173b
> >> > PE Information
> >> >
> >> > Sections:
> >> >    0x1000 0x20000 75776
> >> >    0x21000 0x2000 3584
> >> >    0x23000 0xf6000 36864
> >> >    0x119000 0x8000 30720
> >> >
> >> > Entry Point at 0x1c85c
> >> > Virtual Address is 0x51905c
> >> > Code Analysis ...
> >> >
> >> > [0x00000000]> vt
> >> > File 1f8a826b2ae94daa78f6542ad4ef173b with MD5
> >> > 1f8a826b2ae94daa78f6542ad4ef173b
> >> >
> >> >
> -------------------------------------------------------------------------------
> >> >
> >> > McAfee+Artemis           : W32/Sdbot.worm.gen.x
> >> > nProtect                 : Backdoor/W32.RBot.155648.W
> >> > CAT-QuickHeal            : I-Worm.Bobic.hq
> >> > McAfee                   : W32/Sdbot.worm.gen.x
> >> > K7AntiVirus              : Backdoor.Win32.Rbot
> >> > TheHacker                : Backdoor/Rbot.aftu
> >> > VirusBuster              : Worm.Rbot.AFAE
> >> > NOD32                    : Win32/Rbot
> >> > F-Prot                   : W32/Trojan5.DCW
> >> >
> >> >
> >> > And... the rest of the AV lines results.
> >> > _______________________________________________
> >> > Owasp-Malaysia mailing list
> >> > Owasp-Malaysia at lists.owasp.org
> >> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >> >
> >> > OWASP Malaysia Wiki
> >> > http://www.owasp.org/index.php/Malaysia
> >> >
> >> > OWASP Malaysia Wiki Facebook
> >> >
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >> >
> >> _______________________________________________
> >> Owasp-Malaysia mailing list
> >> Owasp-Malaysia at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >>
> >> OWASP Malaysia Wiki
> >> http://www.owasp.org/index.php/Malaysia
> >>
> >> OWASP Malaysia Wiki Facebook
> >> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
> >
> >
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20100401/e5b35ee3/attachment.html 


More information about the Owasp-Malaysia mailing list