Obfuscate pdf's?

[craigfreyman at gmail.com (Craig Freyman)]

Point taken...

On Thu, Mar 11, 2010 at 12:12 PM, Rob Fuller <jd.mubix at gmail.com> wrote:

> Write your own? ;-) So most of the AVs flag on the public javascript
> strings that are used to exploit the vulns, so no matter if you put calc.exe
> in as a payload or Sub7 you'll still flag.
>
> However there are "other" ways to trigger them, I am told...
>
>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
> Ignore this:
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
>
>
> On Wed, Mar 10, 2010 at 3:41 PM, Craig Freyman <craigfreyman at gmail.com>wrote:
>
> > Is there a clever way to obfuscate a pdf exploit/payload? All of my nasty
> > pdfs are being picked up by my AV. Looks like this will be in msfencode in
> > 3.4 http://www.metasploit.com/redmine/issues/706 but wondering if there
> > was a way to do it now.
> >
> > Thanks,
> >
> > -Craig
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100311/c1a9ab31/attachment.htm