Released v1.3.3 of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png lets you export images of the analysis

2. Almost all command line options (including multi-argument ones like --yara-rules-dir) can be permanently set via environment variables or a .yaralyzer file

3. A couple of small bug fixes and debugging-related command line options

You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- On macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules

Released v1.17.0 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant experience. Now ships with two command line tools for extracting stuff from PDF files:

1. extract_text_from_pdfs() - brute-force extract all text from a PDF, including doing an #OCR extraction of any embedded images

2. extract_pdf_pages() - rip a page range from a #PDF and write it to a new one

* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer
* Fun thread someone made last week using Pdfalyzer to explain some of the ways the PDF format is byzantine: https://x.com/VikParuchuri/status/1965773078585344215

#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule #PdfFiles

Just published version 1.16.6 of The Pdfalyzer, the surprisingly popular tool for analyzing (possibly malicious) PDFs I created after my own unpleasant encounter with such a creature. Includes a (kind of janky) #YARA rule for #GIFTEDCROOK infostealer PDFs.

* Github: https://github.com/michelcrypt4d4mus/pdfalyzer
* Pypi: https://pypi.org/project/pdfalyzer/
* Homebrew: https://formulae.brew.sh/formula/pdfalyzer

#pypi #python #pdf #pdfs #malware #Threatassessment #maldoc #malwareanalysis #homebrew #infosec #cybersecurity #yararule

@evacide Seeing as how it seems like the Paragon attack was executed via maldoc PDFs, I'll just mention I created a (surprisingly popular) tool for analyzing (possibly malicious) PDFs after my own unpleasant encounter with such a creature.

https://github.com/michelcrypt4d4mus/pdfalyzer

#paragon #infosec #Whatsapp #PDF #pdfalyzer #Malware #maldoc

GitHub - michelcrypt4d4mus/pdfalyzer: Analyze PDFs. With colors. And Yara.

GitHub

The embedded Word document contains a VBS macro that is designed to download and install an MSI malware file if opened as a .DOC file in Microsoft Office.

#malware #cybersecurity #PDF #MalDoc

https://cybersec84.wordpress.com/2023/09/04/new-polyglot-maldoc-attack-in-pdf-evades-antivirus/

New Polyglot MalDoc Attack in PDF Evades Antivirus

Cybersecurity researchers have recently discovered a new technique used by attackers to evade antivirus software. This technique involves embedding a malicious Microsoft Word file within a PDF file…

CyberSec84 | Cybersecurity news.

Beware of #MalDoc in #PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus ⚠️

https://thehackernews.com/2023/09/beware-of-maldoc-in-pdf-new-polyglot.html

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Hackers are now using a sneaky "MalDoc in PDF" technique to hide malicious Word files within PDFs.

The Hacker News

Polyglots are files that contain two different file formats and, depending on the application that opens them, can be interpreted and executed as more than one file type.

Attackers are now exploiting this with #MalDoc. https://t.co/ZBUxxp6Tbz

Caution: MalDoc malicious code bypasses Windows malware detection

Security researchers are now warning of a new trick by cybercriminals. A malicious Word file is embedded in a PDF to evade malware detection, giving the malicious code free rein on the PC.

WinFuture.de
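The post above defines a polyglot as one file that passes as two formats. A defender's first triage step is therefore to ask whether a file that looks like a PDF also carries the signature of a document container that has no business being inside a PDF. The script below is an added example written for this thread; it is not code from Pdfalyzer, Yaralyzer or JPCERT, and the signature list, the 1024-byte header window and the "bytes after %%EOF" heuristic are this example's own assumptions, not a published detection signature. The two sample files are constructed inline and are not real malware.

```python
"""Heuristic triage for PDF document polyglots.

Added example for this thread (not Pdfalyzer/JPCERT code). Flags a file that a
PDF reader would accept as a PDF while it also contains the magic bytes or
headers of an Office/MHTML container. Signature list is an assumption.
"""
import sys
from typing import Dict, List

PDF_MAGIC = b"%PDF-"
PDF_EOF = b"%%EOF"

# Container signatures that do not belong inside a plain PDF. No offsets are
# assumed: a polyglot can place its second format anywhere, so the whole
# buffer is searched.
FOREIGN_SIGNATURES: Dict[str, bytes] = {
    "ole2-compound-file (legacy .doc)": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    "zip-container (OOXML .docx/.docm)": b"PK\x03\x04",
    "mhtml-archive (MIME headers)": b"MIME-Version:",
    "vba-project (macro storage name)": b"vbaProject.bin",
}


def pdf_header_offset(data: bytes) -> int:
    """Offset of %PDF- within the first 1024 bytes (readers tolerate that much
    leading junk), or -1 when the file would not be treated as a PDF."""
    return data.find(PDF_MAGIC, 0, 1024)


def foreign_format_hits(data: bytes) -> List[str]:
    """Foreign container signatures found anywhere in a file that passes as a PDF."""
    if pdf_header_offset(data) < 0:
        return []
    hits = []
    for name, sig in FOREIGN_SIGNATURES.items():
        pos = data.find(sig)
        if pos >= 0:
            hits.append(f"{name} at offset {pos}")
    return hits


def bytes_after_eof(data: bytes) -> int:
    """Payload size after the last %%EOF marker, ignoring line terminators.

    Incremental updates legitimately follow %%EOF, so this is a pointer for the
    analyst rather than a verdict; an appended second format usually lives here.
    """
    idx = data.rfind(PDF_EOF)
    if idx < 0:
        return len(data)  # no EOF marker at all: whole file is unaccounted for
    return len(data[idx + len(PDF_EOF):].lstrip(b"\r\n"))


def assess(data: bytes) -> Dict[str, object]:
    """Summarise the polyglot indicators for one file's bytes."""
    hits = foreign_format_hits(data)
    return {
        "is_pdf": pdf_header_offset(data) >= 0,
        "foreign_formats": hits,
        "bytes_after_eof": bytes_after_eof(data),
        "suspicious": bool(hits),
    }


# Constructed samples (not real malware): a minimal PDF, and the same PDF with
# a MIME header block appended, which is the shape a PDF/MHTML polyglot takes.
BENIGN_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
APPENDED_BLOCK = (b"MIME-Version: 1.0\n"
                  b"Content-Type: multipart/related; boundary=\"constructed\"\n")
POLYGLOT_SAMPLE = BENIGN_PDF + APPENDED_BLOCK

if __name__ == "__main__":
    # Usage: python polyglot_triage.py file.pdf [more.pdf ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, assess(fh.read()))
    if not sys.argv[1:]:
        print("benign   :", assess(BENIGN_PDF))
        print("polyglot :", assess(POLYGLOT_SAMPLE))
```

A hit here means "hand this file to a full parser such as Pdfalyzer or a YARA scan", not "this is malicious": PDFs legitimately embed ZIP-based attachments, so the OOXML and VBA signatures in particular need a second look at where in the object structure they appear.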

MalDoc in PDF: Japanese CERT warns of malware documents hidden in PDFs

Cybercriminals keep finding new ways to hide malware from detection. The Japanese CERT has now found malicious Word documents inside PDFs.

heise online

MalDoc in PDF attacks use a combination of Word and PDF files to spread malware https://tchlp.com/3Z2m1l2 #maldoc #pdf #word #malware

Hackers are now hiding malicious Word documents in PDFs — how to stay safe

MalDoc in PDF attacks use a combination of Word and PDF files to spread malware

Tom's Guide

A Japanese agency managed to detect a ‘#MalDoc in PDF’ attack, involving #PDFs with embedded malicious #Word files that bypass detection by traditional PDF analysis tools.
#Japan #cybersecurity #infosec #malware

https://cybernews.com/news/jpcert-maldoc-malicious-pdf-attack/