These begin with the object’s index number, a generation number and the “obj” keyword, as we can see at lines 3 and 19, which show the start of the definitions for the first two objects in the file: The body or contents of a PDF file are listed as numbered “objects”.
#PDF SUITE 2018 STANDARD PACKAGE HOW TO#
However, with a bit of knowledge of PDF file structure, we can start to see how to decode this without too much trouble. At first glance, it might look indecipherable: We can safely open a PDF file in a plain text editor to inspect its contents. To get a better understanding of how such attacks work, let’s look at a typical PDF file structure. “One of the easiest and most powerful ways to customize PDF files is by using JavaScript.” (Adobe) In other cases, attackers might leverage AcroForms or XFA Forms, scripting technologies used in PDF creation that were intended to add useful, interactive features to a standard PDF document. Most browsers contain a built-in PDF reader engine that can also be targeted. Remember that PDF readers aren’t just applications like Adobe Reader and Adobe Acrobat. In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code.
Regular readers of the SentinelOne blog will be familiar with the idea of malicious Office attachments that run VBA code from Macros or use DDE to deliver attacks, but not so well-known is how PDFs can execute code.
In this post, we’ll take you on a tour of the technical aspects behind malicious PDF files: what they are, how they work, and how we can protect ourselves from them. Like other files that can come as attachments or links in an email, PDF files have received their fair share of attention from threat actors, too. Most of us are no strangers to phishing attempts, and over the years we’ve kept you informed about the latest tricks used by attackers in the epidemic of phishing and spear-phishing campaigns that plague, in particular, email users.