https://grey-panther.net/2008/10/fun-with-shellcode.html Just another WordPress site Thu, 30 Oct 2008 15:04:46 +0000 hourly 1 https://wordpress.org/?v=7.0 https://grey-panther.net/2008/10/fun-with-shellcode.html#comment-638 Thu, 30 Oct 2008 15:04:46 +0000 https://grey-panther.net/?p=615#comment-638 I found the same handle brute-forcing technique in the second-stage shellcode of a malicious PDF document. But the malware author allowed for a certain size range, let’s say the PDF document had to be between 10.000 and 10.100 bytes. It’s hard to predict the final size of a PDF document if it’s saved in the default way (/FlateDecode: compressed with zlib).

]]>