Saturday, February 11, 2017

Quick and dirty malicious PDF analysis

Analyzing weird things forwarded by friends and family is a great way to keep my DFIR skills sharp.

Friends and family regularly send me things they find suspicious or weird. Sometimes it turns out to be malicious, and other times perfectly fine, but I'm always glad to know I've instilled a proper degree of skepticism in my friends.

My willingness to help has an ulterior motive: aside from the "herd immunity" that comes from helping those around me stay safe, analyzing weird things they see helps me keep my own skills sharp. It also can alert me to new or resurging threats, such as the Disney theme park scams so common around customary family travel periods.

Today's story is about a phish. A simple phish, but one with lots of red flags to call out, and that called to my attention some new features Google introduced in Chrome last month. As with many phish, this one begins with an email. Nothing fancy, just a brief memo that a voice message has arrived.

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.