If you take two people, one of them is a learn-it-all and the other one is a know-it-all, the learn-it-all will always trump the know-it-all in the long run

– Satya Nadella on culture at Microsoft, inspired by Carol Dweck’s book, Mindset.

Inspecting a PDF File

I recently had to complete some work with inspecting a PDF file for malicious content. This was an interesting experience so I thought I’d share the approach I took to review the file from a sandboxed environment:

1. Start with using a service such as virustotal.com, scanii.com, metadefender.com to scan the file

2. Use Adobe Acrobat to browse the internal PDF structure. Launch the PreFlight Tool (Print Production > Preflight) and then under Options select Browse Internal PDF Structure.

3. Use an Adobe PDF meta data application to inspect the file. Here are some I used that were quite helpful:

peepdf.py – PeePDF is a Python based tool to explore PDF files

pdfid.py – PDFID is a Python based tool to scan the file looking for certain PDF keywords. For e.g., does the file contain JavaScript or execute an action when opened

pdf-parser.py – PDF-Parser is a Python based tool to parse a PDF document and identify the fundamental elements used in the file.

Additional Reading:

  1. Checking a PDF for exploits
  2. Viewing PDF objects
  3. PDF Tools from Didier Stevens
  4. Best tool tool for inspecting PDF files?
  5. PDF malware analysis

Additional Tools:

  1. GhostScript
  2. GSView
  3. PDF Validator Online Tool
  4. PDFMiner

Vendor Security Assessment Questionnaires

When sharing data with a vendor, it is important to ensure that the vendor will handle your data with the same level of care and protection that your organization expects or requires.

Google has just released an interactive questionnaire application to help support these security reviews by facilitating not only the collection of information, but also the redisplay of collected data in templated form.

You can test the Google Vendor Security Assessment Questionnaire or contribute and setup your own questionnaire using the source. Specific questionnaires are available below: