Abusing RTF: Exploitation, Evasion and Exfiltration

Presented at DerbyCon 6.0 Recharge (2016), Sept. 23, 2016, 12:30 p.m. (25 minutes).

If you knew how many ways you could obfuscate and deliver payloads with RTF documents, you would have thought it was a file format Microsoft secretively purchased from Adobe. 2016 has peeked my interest in the RTF specification, come learn why. This talk walks through examples that abuse the RTF specification and address these 3 key areas with RTF documents: Exploitation, Evasion and Exfiltration. Audience members will gain a technical understanding of: How this file format type is being leveraged in attacks today; Many ways RTF documents can be obfuscated to bypass security technologies; Ex-filtrate data in plain sight. So come check it out! I’ve got evasions so effective -- it’ll make you wanna slap yo’ mama!

Presenters:

Similar Presentations: