This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 4.4 of Malicious Web & Document Files
PDF file structure, five attack vectors, pdfid.py triage, pdf-parser.py object extraction, PDF stream filter decoding, JavaScript analysis workflow, and a quick triage decision tree.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
Didier Stevens PDF Tools — pdfid and pdf-parser
Official download page for pdfid.py and pdf-parser.py by Didier Stevens. Included in REMnux and FlareVM.
peepdf — Interactive PDF Analysis Tool
Interactive PDF analysis shell with JavaScript emulation via SpiderMonkey. Install on REMnux or via pip.
REMA eBook 2026 — Chapter 4, Malicious PDF Analysis
Full PDF structure diagrams and attack vector tables in the REMA eBook Chapter 4.
Quadrant 4 · Self-Assessment
Malicious Web & Document Files
Covers drive-by download attacks, JavaScript de-obfuscation, malicious PDF analysis, RTF exploitation, and Microsoft Office macro malware.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.