Articles et outils à propos de Python, Sécurité Informatique, etc.

Origapy - a Python module to sanitize PDF files

Origapy is a Python interface to Origami, a PDF parser written in Ruby. It provides access to pdfclean.rb, in order to sanitize PDF files by disabling all active content (javascript, launch actions, embedded files, etc). Because Origami is a full PDF parser, it is much more effective than PDFiD (when sanitizing/disarming PDF files), but also quite slower.

PDFiD - a Python module to analyze and sanitize PDF files

PDF files may be used to trigger malicious content, as described here. PDFiD is a Python tool to analyze and sanitize PDF files, written by Didier Stevens. Here is PDFiD_PL, a version that I have slightly modified so that it can be imported as a module in Python applications (originally for ExeFilter).

pyxmldsig - a Python module to create and verify XML Digital Signatures (XML-DSig)

pyxmldsig is a Python module to create and verify XML Digital Signatures (XML-DSig). This is a simple interface to the PyXMLSec library, aiming to provide a more pythonic API suitable for Python applications.

How to obtain the binary representation of an integer in Python

With Python 2.6+, that's quite simple:

print "{0:b}".format(i)

ExeFilter vs. the Escape from PDF (CVE-2010-1240)

On the 29 March 2010, Didier Stevens revealed in his blog that he found a way to launch an executable file stored in a PDF document, without using any JavaScript or buffer overflow. This short article shows how ExeFilter can be used to sanitize such PDF files to block this type of attack.

SSTIC10 - Visualisation et Analyse de Risque Dynamique pour la Cyber-Défense

Article à propos de la visualisation et l'analyse de risque dynamique en cyber-défense, présenté au symposium SSTIC le 9 juin 2010.

Python crash course

This is a Python course I have written to quickly teach Python to my colleagues and students, made of slides and samples for hands-on exercises.

Using ExeFilter against PDF exploits and zero-days such as CVE-2009-4324

This short article shows how ExeFilter can be used to disable JavaScript in PDF files, which is effective against many Adobe Reader exploits discovered in 2009, including the recent zero-day CVE-2009-4324.

How to create X509 certificates for testing

This page provides a few methods to create X509 certificates for testing purposes.

How to install Ruby 1.8.6 and Ruby-GTK2 on Windows

I had to search quite a bit to find the easiest way to install Ruby and ruby-gtk2 on Windows. Here's what I found so far:

Syndiquer le contenu