The Irrelevance of K-Bytes Detection - Building a Robust Pipeline for Malicious Documents

Explore a comprehensive conference talk on building robust document analysis pipelines for detecting malicious content in various file formats. Delve into the challenges faced by security teams in addressing vulnerabilities in PDFs, Office files, and legacy textual formats. Learn about best practices for constructing effective analysis pipelines, including true type detection, sandboxing, signatures, dynamic/static content inspection, isolation, and content disarming and reconstruction. Gain insights into attackers' perspectives and evasion techniques for malicious payloads. Examine evaluation criteria, file type detection issues, and real-time versus offline pipeline implementations. Presented by Dan Amiga and Dor Knafo, this 52-minute Black Hat session offers valuable knowledge for enhancing document security measures.