This is the fourth and the last of the forensics challenge in the CSAW CTF 2014 competition. It was much harder than the three before, but it was also much more interesting.
The challenge starts with the following text:
OH NO WE'VE BEEN HACKED!!!!!! -- said the Eye Heart Fluffy Bunnies …
The third forensics challenge starts with the following text:
see or do not see
Written by marc
Hacking PDFs, what fun!
In general, when dealing with reverse-engineering malicious documents, we follow these steps: