PaulDotCom mailing list archives
Obfuscate pdf's?
From: craigfreyman at gmail.com (Craig Freyman)
Date: Thu, 11 Mar 2010 18:00:19 -0700
Point taken... On Thu, Mar 11, 2010 at 12:12 PM, Rob Fuller <jd.mubix at gmail.com> wrote:
Write your own? ;-) So most of the AVs flag on the public javascript strings that are used to exploit the vulns, so no matter if you put calc.exe in as a payload or Sub7 you'll still flag. However there are "other" ways to trigger them, I am told... -- Rob Fuller | Mubix Room362.com | Hak5.org | TheAcademyPro.com Ignore this: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* On Wed, Mar 10, 2010 at 3:41 PM, Craig Freyman <craigfreyman at gmail.com>wrote:Is there a clever way to obfuscate a pdf exploit/payload? All of my nasty pdfs are being picked up by my AV. Looks like this will be in msfencode in 3.4 http://www.metasploit.com/redmine/issues/706 but wondering if there was a way to do it now. Thanks, -Craig _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100311/c1a9ab31/attachment.htm
Current thread:
- Obfuscate pdf's? Craig Freyman (Mar 10)
- Obfuscate pdf's? Rob Fuller (Mar 11)
- Obfuscate pdf's? Craig Freyman (Mar 11)
- Obfuscate pdf's? Rob Fuller (Mar 11)