https://hexpysya.github.io/tags/pdf/Recent content in PDF on bubka hacks stuffHugo -- gohugo.ioen-usSat, 07 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-a-call-from-the-museum/Sat, 07 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-a-call-from-the-museum/A phishing email with a password-protected ZIP delivered an LNK file that executed an obfuscated PowerShell stager — collecting system fingerprint data, checking in to a C2, and fetching a next-stage implant using hardcoded credentials. A decoy PDF was opened simultaneously to distract the victim.https://hexpysya.github.io/investigations/metasploit-adobe_pdf_embedded_exe_nojs/Sat, 22 Nov 2025 00:00:00 +0000https://hexpysya.github.io/investigations/metasploit-adobe_pdf_embedded_exe_nojs/A malicious PDF uses a Launch action to execute cmd.exe, which runs an inline VBScript that reads hex-encoded shellcode directly from the PDF body, writes it to disk as an executable, and launches a Metasploit reverse shell.https://hexpysya.github.io/investigations/metasploit-adobe-pdf-embedded-file/Fri, 21 Nov 2025 00:00:00 +0000https://hexpysya.github.io/investigations/metasploit-adobe-pdf-embedded-file/A malicious PDF exploits JavaScript and Launch actions to extract and execute an embedded PE payload, establishing a reverse shell connection to an attacker-controlled server.