PDF Attack: A Journey From the Exploit Kit to the Shellcode

Presented at Black Hat Asia 2014.

"PDF Attack: A Journey From the Exploit Kit to the Shellcode" is a workshop that shows how to analyze obfuscated JavaScript code from an Exploit Kit page, extract the exploits it uses and analyze them. Nowadays it is possible to use automated tools to extract URLs and binaries, but it is also important to know how to do this manually so as not to miss any detail. We will focus mostly on PDF documents, starting from a simple JavaScript "Hello World" document and ending with a real file used by a fresh Exploit Kit. The workshop will also include exercises on modifying malicious PDF files and obfuscating them to try to bypass AV software, which is very useful in pentesting. The latest version of peepdf (included in REMnux, BackTrack and Kali Linux) will be used to accomplish these tasks, which means that this presentation covers the latest tricks used by cybercriminals, such as using new filters and encryption to make analysis more difficult.


Presenters:

  • Jose Miguel Esparza - Fox-IT
    Jose Miguel Esparza is a security researcher who has been working as an e-crime analyst for more than 7 years, focused on botnets, malware and Internet fraud. He started working at S21sec e-crime and some time ago joined the Fox-IT InTELL team in The Netherlands. He is the author of several exploits and analysis tools, such as Malybuzz and peepdf (http://peepdf.eternal-todo.com). He is also a regular writer on eternal-todo.com about security and threats on the Internet, and has taken part in several conferences, e.g. RootedCon (Spain), NcN (Spain), CARO Workshop (Czech Republic), Source Seattle (USA) and Black Hat (The Netherlands / USA). You can easily find him on Twitter @EternalTodo talking about security.
