This is a write-up about how to use Frida to dump documents from a process after they have been loaded and decrypted. It’s a generic and very effective approach demonstrated on a piece of software from North Korea.
Continue reading “Dumping Decrypted Documents from a North Korean PDF Reader”