In this article, the author discusses using PDF files as an attack vector, showcasing various techniques such as PDF Injection, XSS, Stealing Credentials, Opening Malicious Links, and Remote Code Execution (RCE). The author dives deep into injecting JavaScript code in PDF files, stealing credentials through phishing attacks, embedding malicious links, and exploiting vulnerabilities in PDF readers for RCE. Surprisingly, the author provides a step-by-step guide on how to exploit CVE-2018-9958 using outdated PDF readers. Additionally, they emphasize the importance of red team and blue team skills to understand both attacking and defending techniques. The article also covers tools like peepdf and pdf-parser for analyzing malicious PDFs effectively.
https://0xcybery.github.io/blog/hacking-with-pdf