
Anatomy of a PDF Exploit

PDF has become the de facto standard for formatting print documents. Over the years, it has evolved into a feature-rich and very complex system. PDF supports embedded JavaScript that can be used for form validation, and it contains support for different image formats, 3D models, etc. As a result, PDF implementations have numerous vulnerabilities that can be exploited by adversaries to gain control over a user's computer. Here are a number of CVEs that are currently being exploited in the wild: CVE-2007-5659, CVE-2008-2992, CVE-2009-0927, CVE-2009-2994, CVE-2009-4324, CVE-2010-0188.

In this blog post, we are going to look at the current exploitation of CVE-2010-0188: an integer overflow in the parsing of the dot range option in TIFF files. The vulnerability was publicly announced in February 2010. Examples of exploit code are readily available on the Internet, and a very good explanation of how the exploit works has been provided by Fortinet.

The exploit described by Fortinet utilizes an AcroForm described in XML. The XML contains an image field with an embedded TIFF image that triggers the vulnerability.
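An added example, not code from the post or from Fortinet's write-up: a defender-side scanner that walks the first IFD of a TIFF and flags a DotRange tag whose count is outside what the TIFF 6.0 specification allows (2 or 2*SamplesPerPixel values) or whose count times element size overflows 32 bits, plus a wrapper that pulls base64 image data out of XFA image elements, since the post says the TIFF rides inside an AcroForm image field. The XFA element shape, the tag constants and all sample bytes are constructed assumptions, not real malware.

```python
import base64
import re
import struct

DOTRANGE = 0x0150           # TIFF DotRange tag, whose parsing CVE-2010-0188 overflows
SAMPLES_PER_PIXEL = 0x0115  # spec: DotRange holds 2 or 2*SamplesPerPixel values
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}

def scan_tiff(data):  # walk the first IFD; report a DotRange entry no well-formed TIFF carries
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return ["not a TIFF"]
    end = "<" if data[:2] == b"II" else ">"   # byte order from the header
    magic, ifd_off = struct.unpack(end + "HI", data[2:8])
    if magic != 42 or ifd_off + 2 > len(data):
        return ["bad magic or IFD offset outside file"]
    (n_entries,) = struct.unpack(end + "H", data[ifd_off:ifd_off + 2])
    entries = {}
    for i in range(n_entries):
        off = ifd_off + 2 + 12 * i            # each IFD entry is 12 bytes
        if off + 12 > len(data):
            return ["IFD truncated"]
        tag, typ, count, value = struct.unpack(end + "HHII", data[off:off + 12])
        entries[tag] = (typ, count, value, data[off + 8:off + 10])  # raw bytes for inline SHORTs
    findings = []
    if DOTRANGE in entries:
        typ, count, value, _ = entries[DOTRANGE]
        # an inline SHORT is left-justified in the value field, so its first two bytes hold it
        spp = struct.unpack(end + "H", entries[SAMPLES_PER_PIXEL][3])[0] if SAMPLES_PER_PIXEL in entries else 1
        size = TYPE_SIZES.get(typ, 0)
        if count not in (2, 2 * spp):
            findings.append("DotRange count %d, expected 2 or %d" % (count, 2 * spp))
        if count * size > 0xFFFFFFFF:         # a 32-bit count*size computation would wrap here
            findings.append("DotRange count * element size overflows 32 bits")
    return findings

def scan_xfa(xml):  # decode each base64 image element of an XFA form and scan it as a TIFF
    results = []
    for m in re.finditer(r"<image(?:\s[^>]*)?>([A-Za-z0-9+/=\s]+)</image>", xml):
        try:
            results.append(scan_tiff(base64.b64decode(re.sub(r"\s", "", m.group(1)))))
        except ValueError:                    # bad padding: not decodable, skip it
            continue
    return results

def make_tiff(entries, end="<"):  # constructed helper: header plus one IFD, no image data
    ifd = struct.pack(end + "H", len(entries))
    for tag, typ, count, value in sorted(entries):
        ifd += struct.pack(end + "HHII", tag, typ, count, value)
    return (b"II" if end == "<" else b"MM") + struct.pack(end + "HI", 42, 8) + ifd + b"\0\0\0\0"

# Constructed samples: a spec-conforming DotRange and one with an absurd element count.
GOOD_TIFF = make_tiff([(SAMPLES_PER_PIXEL, 3, 1, 1), (DOTRANGE, 3, 2, 0x00FF0000)])
BAD_TIFF = make_tiff([(DOTRANGE, 3, 0x80000001, 8)])
SAMPLE_XFA = '<field><value><image contentType="image/tiff">%s</image></value></field>' % base64.b64encode(BAD_TIFF).decode()
```

Run scan_xfa over the XFA stream of a suspect PDF; an empty list per image is the clean result, anything else names the anomaly.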

Categories: Hacking, Malware, Security

Heat treating the Wakizashi

Heat treating a sword using a water quench is a tense affair, as the sword may crack and many hours of work may be lost. This video shows heat treating a wakizashi I made from forge-welded cable that was folded several times. The Japanese differential heat treat calls for coating the back of the blade with a clay layer that retards the quench and allows the covered part of the steel to remain softer. The border between harder and softer steel becomes visible as the hamon. Although the heat treating was successful, the blade developed a welding flaw, and at this point it looks like 20 hours of work might have been lost.
Categories: Hacking

Folding Steel

[Image: Folded Steel]

When examining a traditionally forged Japanese sword, the steel structure (hada) often looks like wood grain. This structure is a result of folding and forge welding tamahagane. To simulate such hada without using expensive tamahagane, I took 24in of 1in diameter steel cable and forge welded it into a single piece of steel. That steel was then folded 7 times with some surface manipulation and then forged into a small wakizashi. The picture shows the tang after the scale was removed, polished and then lightly etched to show the grain. The steel structure seems similar to mokume hada. Now, I just need to find the time to shape, heat treat, polish and mount the sword. Expect progress pictures as work permits - probably in a few months.
Categories: Hacking

Railroad Spike Knife

[Image: Blacksmith Knife]

This is a knife made from a high carbon railroad spike. The blade is flat ground and about 4.5in long. The whole knife is a little bit longer than 10in. The twist in the handle feels nice in the hand. HC in this case apparently means 1030, which is a pretty low carbon content for a knife. While it got to be very sharp, the edge is probably not going to stay that way for very long.

[Image: Blacksmith Knife (finished)]

Forging this was a lot of fun, and using the spring fuller really helped with separating the steel from the handle and the blade. Making this knife actually didn't take very long: about an hour of forging time and a couple of hours of grinding and polishing.

Categories: Hacking

Libevent 2.0.4-alpha released

Libevent 2.0.4-alpha is now available for download:

The complete change list is available here.

Some of the feature improvements include:
  • bufferevents can now be rate limited
  • http connections can now resolve host names asynchronously
  • a facility for lock debugging
  • arc4random() for evdns

However, we (that means mostly Nick) have also made a large number of bug fixes and stability improvements across many platforms. Many thanks to everyone who helped by providing bug reports and patches including Brodie Thiesfield, Dagobert Michelsen, Evan Jones, Joachim Bauch, Pavel Plesov, Roman Puls, Sebastian Hahn, William Ahern, Yasuoka Masahiko and Zhuang Yuyao.

In a separate email, Nick also provided a much more verbose description of everything that changed.
Categories: Libevent, News

Cable Tantos

[Image: Cable Tanto]

Although I have made various attempts at forging knives, this tanto is the first knife I have completed. It's a shinogi-zukuri tanto with choji hamon. The steel was made from forge-welded high carbon cable. Originally, this was supposed to become a wakizashi, but due to a bad hammer blow when forging the sunobe, I had to fold it over and no longer had enough steel for a longer blade. As a result, the blade is only about 9in long. The habaki was made from brazed copper and the shira-saya was carved from a poplar blank.

[Image: Cable Tantos]

The picture to the left shows two more cable tantos in various stages of progress. The top one has had some rough grinding done to it, whereas the bottom one is straight from the forge. Only about 10% of the time is actually spent forging the blades. The rest of the time is spent grinding, polishing and working on the habaki as well as on the saya and everything else.

Categories: Hacking