Saturday, December 7, 2013

CPE: McAfee AudioParasitic: Episode 41: Didier Stevens on PDF Hacking


length: 00:20:55

Didier – started blogging in June 2006
Blogging helps him keep track of the things he does
Belgium security
Started with an Apple II; BASIC was not enough, so he started writing assembly
End of the 80s: HP Unix – security is incorporated there – multi-user

File structure of the PDF file format
Found interesting: the fundamental blocks that make up the PDF language
Strings and names do not have a unique representation – the same thing can be written in different ways, so you can have a canonicalization issue
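An added example (not from the podcast or this post) of what that canonicalization issue means for a scanner: PDF names may carry `#xx` hex escapes, and strings may be written as literals with octal escapes or as hex strings, so tokens have to be decoded before they are compared. The `WATCHED` list and the sample dictionary are assumptions constructed for this sketch.

```python
import re

# Names a scanner might flag; this list is an assumption made for the example.
WATCHED = {"JavaScript", "JS", "OpenAction", "EmbeddedFile", "Launch"}

# Constructed sample: the /JavaScript name is hidden behind a #xx escape.
SAMPLE = b"<< /Type /Action /S /J#61vaScript /JS (\\150ello) >>"

def canonical_name(token: bytes) -> str:
    """Decode #xx hex escapes in a PDF name token such as b'/J#61vaScript'."""
    body = token[1:] if token.startswith(b"/") else token
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda m: bytes([int(m.group(1), 16)]), body)
    return decoded.decode("latin-1")

_SIMPLE = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
           b"(": b"(", b")": b")", b"\\": b"\\"}

def canonical_string(token: bytes) -> bytes:
    """Bytes of one already-delimited PDF string: literal (...) or hex <...>."""
    if token.startswith(b"<"):
        digits = re.sub(rb"\s+", b"", token[1:-1])
        if len(digits) % 2:                 # odd count: last digit is padded with 0
            digits += b"0"
        return bytes.fromhex(digits.decode("ascii"))

    def unescape(m):
        esc = m.group(1)
        if esc[:1] in b"01234567":          # \ddd octal escape, 1 to 3 digits
            return bytes([int(esc, 8) & 0xFF])
        if esc in (b"\n", b"\r", b"\r\n"):  # backslash + newline: line continuation
            return b""
        return _SIMPLE.get(esc, esc)        # unknown escape: backslash is ignored

    return re.sub(rb"\\([0-7]{1,3}|\r\n|[\s\S])", unescape, token[1:-1])

def watched_names(raw: bytes) -> list[str]:
    """Raw name tokens whose canonical form is in WATCHED, in document order."""
    names = re.findall(rb"/[^\s/<>\[\]\(\)\{\}%]+", raw)
    return [n.decode("latin-1") for n in names if canonical_name(n) in WATCHED]
```

A byte-level search for `/JavaScript` misses the escaped name in `SAMPLE`; `watched_names(SAMPLE)` reports it because the comparison happens after decoding.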

PDF supports embedded files: most PDF readers do not allow execution of an embedded file
McAfee & Sophos are the few AV products that can scan the embedded file in a PDF
Exploit on open: executes malicious JavaScript that in turn opens another embedded PDF file – it looks like you opened a normal PDF file

Many malicious files contain discussion of China/Tibet – interesting, perhaps the Chinese government
