1
00:00:00,450 --> 00:00:01,770
Hello and welcome back.

2
00:00:02,130 --> 00:00:06,560
In this video, we are going to talk about PDAF key words.

3
00:00:07,050 --> 00:00:16,770
So what is bedcovers, PIDF keywords, those actions, elements that describe how P.D.A works.

4
00:00:17,430 --> 00:00:26,390
In a previous video, we saw that a PDF file consists of various sections A, Section B, an object.

5
00:00:26,940 --> 00:00:30,080
And within each object we find keywords.

6
00:00:30,600 --> 00:00:33,020
So some of these keywords are listed here.

7
00:00:33,030 --> 00:00:43,830
For example, the open action keyword or abbreviated is a function of which is to open an action to

8
00:00:43,830 --> 00:00:45,570
execute a script, for example.

9
00:00:46,500 --> 00:00:50,400
The other one is JavaScript, abbreviated as.

10
00:00:52,260 --> 00:00:59,570
So this is a link to the JavaScript that will run when the PDF is open.

11
00:01:00,690 --> 00:01:02,010
Another one will be names.

12
00:01:02,370 --> 00:01:05,720
So names are, for example, maybe names of files.

13
00:01:06,210 --> 00:01:15,150
And this is important to identifying additional files that may be referred to by the PDA documents it

14
00:01:15,180 --> 00:01:24,090
so that we also have the embedded file Keywood, which will show where are the other files embedded

15
00:01:24,120 --> 00:01:28,670
within PDM document itself and which might contain scripts.

16
00:01:29,790 --> 00:01:36,570
Then you also have the you are ikki with or some form keyword and these could be links to other.

17
00:01:36,570 --> 00:01:44,670
You are else on the Internet for the PDAF to go and download the second stage or additional to switch

18
00:01:44,670 --> 00:01:46,020
the malware needs to run.

19
00:01:47,070 --> 00:01:52,710
And then we also have the launch keyword, which is similar to the open action keyword.

20
00:01:53,130 --> 00:02:00,830
And this launch keyword can be used to run scripts embedded within the email where the PDF file set

21
00:02:00,840 --> 00:02:08,120
out to run some new additional files that has been downloaded by the PDA.

22
00:02:09,240 --> 00:02:15,260
So some of the tools that we'll be using will automatically scan for all of these keywords here.

23
00:02:15,450 --> 00:02:17,570
So you do not have to memorize them.

24
00:02:18,300 --> 00:02:20,050
So that concludes this lecture.

25
00:02:20,400 --> 00:02:22,080
Thank you very much for watching.