Virus total with origami?

Fri 19 June 2009 by fred

While writing the previous article, I decided to run a simple test: hide a well-known virus in a PDF file, and let's see what happens. Results are beyond expectation!

The test I made was really simple:

  • Take the EICAR test file
  • Take an innocent PDF file (it has been ...
read more

Streams and filters in PDF with origami

Fri 19 June 2009 by fred

As we explained in the previous article, streams are a really important kind of object in PDF. Any data is represented as a stream. However, keeping raw data in a file can be inefficient (think about encoding or size issues for instance). So, this article shows how to create / manipulate ...

read more

Playing with origami in PDF

Fri 19 June 2009 by fred

PDF file format is now very common. It is regarded as secure because most people believe it is static. It is not. In order to prove it, we have developed a Ruby framework, origami designed to play with PDF files.

Some code being usually more helpful than long writing, let ...

read more

Metasm classes (2)

Fri 08 May 2009 by jj

This article will explore a bit of the framework internals to show how decoding executable files and instructions is handled.

We've seen last week a high-level overview of disassembly using metasm.

This article will dive into the code to see how things are done under the hood.

Executable file ...

read more

Metasm classes (1)

Tue 28 April 2009 by jj

This post will show the basic usage of the metasm framework as a disassembler, by following step by step the disassemble.rb sample script.

First of all, you'll need to install ruby on your machine, and download the framework from

Script options

The reference script ...

read more

Désérialization d'objets java à la volée

Wed 06 February 2008 by jj

Récemment lors d'un audit nous avons été confronté au besoin d'interpréter et de modifier des objets java sérializés. Ça a été l'occasion de développer une librairie à cet effet. Librairie écrite bien entendu en Ruby.

L'application auditée est constituée d'une applet qui s'exécute dans ...

read more