penetration document format slides

Didier@DidierStevens.com

Penetration Document Format

Identification and Analysis

PDFiD 0.0.9 hello-world.pdf PDF Header: %PDF-1.1 obj 7 endobj 7 stream 1 endstream 1 xref 1 trailer 1 startxref 1 /Page 1 /Encrypt 0 /ObjStm 0 /JS 0 /JavaScript 0 /AA 0 /OpenAction 0 /AcroForm 0 /JBIG2Decode 0 /RichMedia 0 /Colors > 2^24 0

/Name Obfuscation

PDFiD Demo

http://www.Virustotal.com

http://blog.rootshell.be

In-The-Wild PDF

PoC Pure ASCII PDF

pdf-parser Demo

Protection

Foxit Reader

Sumatra PDF

Know Your Enemy ...

Disable JavaScript?

… Find His Achilles Heel

Access Tokens

Use Restricted Tokens

● Windows >= Vista + UAC● DropMyRights● StripMyRights● SAFER SRP

Restricted Token in Action

Disclosure CVE-2009-2979

XML-Bomb in Metadata

Questions?

And hopefully some answers...

Thank you

http://blog.DidierStevens.com

penetration document format slides

pdf header

wild pdf

pure ascii pdf

parser demo

restricted tokens windows

achilles heel

document format

Documents

2012 gwu...

hacking -...

droplet impact and penetration onto … · droplet impact...

field cone penetration tests with various penetration rates...

high throughput imaging of geological slides€¦ · sions...

market penetration and acquisition strategies for...

penetration test con kali linux - linuxdaytorino.org ·...

wind integration, transient stability and pmu...

how to format powerpoint presentation slides

meatless mondays slides new format

week 8 slides in powerpoint format

indoor office wideband penetration loss measurements at 73...

web application penetration testing · penetration testing...

emotional intelligence lecture slides a series of lecture...

teleconference presentation slides [powerpoint format -...

bitumina - bitumen penetration grade 60 70- …€¦ ·...

podcasting is functional extra slides larger format...

slides format a dos

sap penetration testing sap penetration testing - black hat

session3 infs1000 s1 2016 preview [slides format]