We’re going to talk about how to handle infected PDF files and extract malicious indicators from them without endangering yourself or your PC. Dealing with infected PDF and DOC files happens nearly all day in IT security operations centres. Users report suspected phishing, and our job as security analysts is to figure out whether those files are malicious or not. We have to do that safely, quickly, and accurately.
Let’s consider a scenario where we have received a PDF file by mail or some other route. We don’t know whether the PDF is infected, and we are not able to use most of the SOC tools. So we have to check manually whether the PDF carries a phishing attack.
The first thing we need for malware analysis is to get ourselves a virtual machine. It is highly advisable never to play with any malware files on your computer or any computer you care about.
The easiest way to keep malicious files in a safe space is to put them in a virtual machine and then isolate that virtual machine from the rest of the network and from our own computer.
The virtual machine that is going to be discussed in this blog is REMnux.
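As an added illustration of the "extract indicators" step (this is example code written for this post, not part of the original article or of REMnux's own tooling), here is a pdfid-style triage scan: it counts the PDF name tokens that mark active content and decodes the `#xx` hex escapes that evasive samples use to hide them from a plain grep. The sample PDF is constructed inline; the keyword list and verdict thresholds are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a minimal PDF whose /OpenAction and page /AA both point
# at a JavaScript action, with the action name hex-escaped (/J#61vaScript
# decodes to /JavaScript). This is a hand-made test input, not real malware.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /AA << /O 4 0 R >> >> endobj
4 0 obj << /S /J#61vaScript /JS (app.alert('x')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Name tokens that pdfid-style triage counts (assumed list). Each one is a
# reason to look closer, not proof that the file is malicious.
SUSPICIOUS = ["/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
              "/EmbeddedFile", "/ObjStm", "/RichMedia", "/XFA"]

# A PDF name runs from '/' up to whitespace or a delimiter character.
NAME_RE = re.compile(rb"/[^\s/<>\[\]()]+")

def decode_name(raw: bytes) -> str:
    """Resolve PDF name hex escapes (#41 -> 'A'), so /J#61vaScript == /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Return {keyword: count} for every suspicious name present in the raw bytes."""
    counts = Counter(decode_name(n) for n in NAME_RE.findall(data))
    return {k: counts[k] for k in SUSPICIOUS if counts[k]}

def triage_verdict(data: bytes) -> str:
    """Rough severity: active content that fires automatically ranks highest."""
    hits = scan_pdf(data)
    active = any(k in hits for k in ("/JavaScript", "/JS", "/Launch"))
    auto = any(k in hits for k in ("/OpenAction", "/AA"))
    if active and auto:
        return "suspicious: auto-triggered active content"
    if active:
        return "review: active content present"
    return "low: no active-content markers"

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))
    print(triage_verdict(SAMPLE_PDF))
```

Like pdfid, this only sees names that sit in the clear; keywords inside FlateDecode-compressed streams need the stream inflated first (pdf-parser on REMnux does that), so a clean result here is not a clean bill of health.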