Overview
Embark on a comprehensive journey through PDF-based attacks in this Black Hat conference talk. Explore the intricacies of analyzing obfuscated Javascript code from Exploit Kits, extracting and examining exploits, with a primary focus on PDF documents. Progress from basic Javascript "Hello World" examples to dissecting real-world files employed by cutting-edge Exploit Kits. Gain hands-on experience in modifying malicious PDF files and implementing obfuscation techniques to evade antivirus detection, skills particularly valuable for penetration testing. Utilize the latest version of peepdf, a tool integrated into popular security distributions like REMnux, BackTrack, and Kali Linux, to tackle these tasks and uncover the most recent tactics employed by cybercriminals, including advanced filtering and encryption methods designed to complicate analysis.
Syllabus
Intro
Pamplona
What you need
Statistics
Most Wanted Split Kids
Traffic Distribution System
Filtering
VM Detection
How to Analyze
Getting the Code
Example Email
Example Page
Remove HTML
If Window Document
PDF Muse
Document Create Element
Global Context
Second Stage
Detect
Scripts
IE Exploit Code
Taught by
Black Hat