Fri Oct 30 16:24:39 2009 http://security-labs.org/origami Latest news about origami in (malicious) PDF en origami Oct 30, 2009 http://security-labs.org/origami/#b2 http://security-labs.org/origami/#b2 origami Oct 6, 2009 http://security-labs.org/origami/#b2 http://security-labs.org/origami/#b2 origami version 1.0.0-beta1 while at HITB comes up with the ability to forge documents with more graphical contents (such as shapes, colors, gradients...). However, graphical contents modifications from existing documents are not supported. Some templates have been added to quickly create forms widgets. Linearized documents might cause issues during recompilation of existing documents, so a new feature has been added to delinearize a document. A new flag is also present to (syntactically) obfuscate a PDF upon saving, which might be useful to confuse a later analysis. This new version fixes various bugs and slightly improves performance. ]]> Jun 26, 2009 http://security-labs.org/origami/#b2 http://security-labs.org/origami/#b2 origami Is this PDF malicious? dealing with the analysis of a suspicious PDF file. ]]> July 6, 2009 http://security-labs.org/origami/#b2 http://security-labs.org/origami/#b2 origami

sources/scripts/

• scan/pdfscan.rb: a scanner for malicious PDF, or get a quickview of what is going to happen when handling a given PDF.
• antivir/pdfclean.rb: a script to remove all dynamic features from a PDF file.
• metadata: extract metadata from a PDF, that is author, creation date, and some other piece of information.

sources/samples/open/: 4 ways to trigger events when a PDF is opened (see here).

Parser: add support for new objects (XRef streams, Object streams, PNG stream predictor functions).

]]> Jun 26, 2009 http://security-labs.org/origami/#b1 http://security-labs.org/origami/#b1 origami article. It deals with how to trigger an action when a PDF is opened... ]]>