Penetration document format slides

•

0 likes•362 views

Steph Cliche

Didier@DidierStevens.com
Penetration Document Format

Didier@DidierStevens.com
Identification and Analysis

Didier@DidierStevens.com
PDFiD 0.0.9 hello-world.pdf
PDF Header: %PDF-1.1
obj 7
endobj 7
stream 1
endstream 1
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 0
/JavaScript 0
/AA 0
/OpenAction 0
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Colors > 2^24 0
PDFiD

Didier@DidierStevens.com
/Name Obfuscation

Didier@DidierStevens.com
http://www.Virustotal.com

Didier@DidierStevens.com
http://blog.rootshell.be

Didier@DidierStevens.com
In-The-Wild PDF

Didier@DidierStevens.com
PoC Pure ASCII PDF

Didier@DidierStevens.com
pdf-parser Demo

Didier@DidierStevens.com
Know Your Enemy ...

Didier@DidierStevens.com
Disable JavaScript?

Didier@DidierStevens.com
… Find His Achilles Heel

Didier@DidierStevens.com
Use Restricted Tokens
● Windows >= Vista + UAC
● DropMyRights
● StripMyRights
● SAFER SRP

Didier@DidierStevens.com
Restricted Token in Action

Didier@DidierStevens.com
Disclosure CVE-2009-2979

Didier@DidierStevens.com
XML-Bomb in Metadata

Didier@DidierStevens.com
Questions?
And hopefully some answers...

Didier@DidierStevens.com
Thank you
http://blog.DidierStevens.com

Viewers also liked

Plafons colonies la sinia meganuke94

8. jesús mostraba simpatíaA L

Велопрокат в парке "Сокольники"Event-agency C4group

Chimney & Flue Systems MF BrocureAirtherm Engineering

Rachel Fullmer-portfolioskeez0526

2. crisis en el edénA L

Coal train fact_checkBentonFranklin

SpyddrSteph Cliche

Cf 8 blocks of success training1Muhammed Eid

flue dilution solution Airtherm Engineering

12. los últimos días de jesúsA L

WordPress 3.6 New Featuresmasmanx

76216 99253-1-pbRolando Calle

Social Media for BusinessDeborah Deras, M.S., ALSP

The busy author's guide to popularity and profit on pinterestBestsellerSociety

Viewers also liked (15)

Plafons colonies la sinia

8. jesús mostraba simpatía

Велопрокат в парке "Сокольники"

Chimney & Flue Systems MF Brocure

Rachel Fullmer-portfolio

2. crisis en el edén

Coal train fact_check

Spyddr

Cf 8 blocks of success training1

flue dilution solution

12. los últimos días de jesús

WordPress 3.6 New Features

76216 99253-1-pb

Social Media for Business

The busy author's guide to popularity and profit on pinterest

More from Steph Cliche

Spy packSteph Cliche

Sc2014 proceedingsSteph Cliche

Sat howtoSteph Cliche

Satellite hackingSteph Cliche

Safes locking device-_mechanical_locks_versus_electronic_locksSteph Cliche

Ieee project-2014-2015-context-based-access-control-systemsSteph Cliche

Ieee interference-measurements-802.11nSteph Cliche

Guardi final reportSteph Cliche

718001 000 enSteph Cliche

2010 12-03 a-lawyers_guidetodataSteph Cliche

Tmplab hostile wrt-5-hackluSteph Cliche

Public wifiSteph Cliche

Le petit livre_du_hacker_2013Steph Cliche

013 50001-001 spy-elite_operators_manual_rev_eSteph Cliche

Hack.lu 09 ip-morphSteph Cliche

12Steph Cliche

09 09 2014Steph Cliche

7 1-system plus-evolution_spares_eng_6.0Steph Cliche

Global maritime-securitySteph Cliche

Future warSteph Cliche

More from Steph Cliche (20)

Spy pack

Sc2014 proceedings

Sat howto

Satellite hacking

Safes locking device-_mechanical_locks_versus_electronic_locks

Ieee project-2014-2015-context-based-access-control-systems

Ieee interference-measurements-802.11n

Guardi final report

718001 000 en

2010 12-03 a-lawyers_guidetodata

Tmplab hostile wrt-5-hacklu

Public wifi

Le petit livre_du_hacker_2013

013 50001-001 spy-elite_operators_manual_rev_e

Hack.lu 09 ip-morph

09 09 2014

7 1-system plus-evolution_spares_eng_6.0

Global maritime-security

Future war

Penetration document format slides

1. Didier@DidierStevens.com Penetration Document Format

2. Didier@DidierStevens.com

3. Didier@DidierStevens.com

4. Didier@DidierStevens.com Identification and Analysis

5. Didier@DidierStevens.com

6. Didier@DidierStevens.com PDFiD 0.0.9 hello-world.pdf PDF Header: %PDF-1.1 obj 7 endobj 7 stream 1 endstream 1 xref 1 trailer 1 startxref 1 /Page 1 /Encrypt 0 /ObjStm 0 /JS 0 /JavaScript 0 /AA 0 /OpenAction 0 /AcroForm 0 /JBIG2Decode 0 /RichMedia 0 /Colors > 2^24 0 PDFiD

7. Didier@DidierStevens.com /Name Obfuscation

8. Didier@DidierStevens.com PDFiD Demo

9. Didier@DidierStevens.com http://www.Virustotal.com

10. Didier@DidierStevens.com

11. Didier@DidierStevens.com http://blog.rootshell.be

12. Didier@DidierStevens.com In-The-Wild PDF

13. Didier@DidierStevens.com PoC Pure ASCII PDF

14. Didier@DidierStevens.com pdf-parser Demo

15. Didier@DidierStevens.com Protection

16. Didier@DidierStevens.com Foxit Reader

17. Didier@DidierStevens.com Sumatra PDF

18. Didier@DidierStevens.com Know Your Enemy ...