Bugged Files: Is Your Document Telling on You?

Presented at DEF CON 23 (2015), Aug. 7, 2015, 10 a.m. (60 minutes)

Certain file formats, like Microsoft Word and PDF, are known to have features that allow for outbound requests to be made when the file opens. Other file formats allow for similar interactions but are not well-known for allowing such functionality. In this talk, we explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective. Most interestingly, these techniques are not built on mistakes, but intentional design decisions, meaning that they will not be fixed as bugs. From data loss prevention to de-anonymization to request forgery to NTLM credential capture, this presentation will explore what it means to have files that communicate to various endpoints when opened.

Presenters:

• Daniel Crowley / unicornFurnace - Security Consultant, NCC Group   as Daniel "unicornFurnace" Crowley
  Daniel (aka "unicornFurnace") is a Security Consultant for NCC Group. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie. Daniel also holds the title of Baron in the micronation of Sealand.
• Damon Smith - Associate Security Consultant, NCC Group
  Damon Smith is an Associate Security Engineer with NCC Group, an information security firm specializing in application, network, and mobile security. Damon specializes in web application assessments, embedded device/point of sale assessments, network penetration testing, and mobile testing. Damon graduated with a BS is Computer Science from the University of Texas, with a focus on Information Security. He has experience working as an IT consultant in the legal and retail industries and further as a security consultant focusing on application assessments.

Links:

• https://defcon.org/html/defcon-23/dc-23-speakers.html#Crowley
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Daniel Crowley and Damon Smith - Bugged Files - Is Your Doc Telling on You - Video and Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Daniel Crowley and Damon Smith - Bugged Files - Is Your Doc Telling on You - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=M3vP-wughPo

Similar Presentations:

• TROOPERS16 (2016) / Caring for file formats
• Black Hat USA 2015 / Exploiting XXE Vulnerabilities in File Parsing Functionality
• TROOPERS16 (2016) / Deep-dive into SAP archive file formats