Cyber Threat Intelligence by Ali Dehghantanha Mauro Conti & Tooska Dargahi

Author:Ali Dehghantanha, Mauro Conti & Tooska Dargahi
Language: eng
Format: epub
Publisher: Springer International Publishing, Cham

Content Streams

These are PDF stream objects whose data consists of a sequence of instructions describing the appearance of any graphical entity to be rendered on a page. These objects are distinct from the basic types of data objects. The instructions can also refer to other indirect objects which contain information about resources used by the stream.

2.2 PDF Document Obfuscation Techniques

Obfuscation is a well-known approach leveraged by malware coders to hide malicious code from inspection efforts. Code obfuscation is, in general, a legitimate technique that is widely used to protect proprietary code, however it is also one of the best evasion techniques used by malicious coders to fool malware detection systems (especially those based on signature matching) or to make the work of an expert analyst more complex and time consuming. Kittilsen listed several techniques [5] that are usually employed to hide JavaScript code in PDF files. Separating Malicious Code over Multiple Objects: the code embedded in the PDF document is fragmented among several objects and reassembled upon execution. This technique is made possible by exploiting the reference feature that is relevant to the indirect objects.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.