Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Irrelevance of K-Bytes Detection - Building a Robust Pipeline for Malicious Documents

Black Hat via YouTube

Overview

Explore a comprehensive conference talk on building robust document analysis pipelines for detecting malicious content in various file formats. Delve into the challenges faced by security teams in addressing vulnerabilities in PDFs, Office files, and legacy textual formats. Learn about best practices for constructing effective analysis pipelines, including true type detection, sandboxing, signatures, dynamic/static content inspection, isolation, and content disarming and reconstruction. Gain insights into attackers' perspectives and evasion techniques for malicious payloads. Examine evaluation criteria, file type detection issues, and real-time versus offline pipeline implementations. Presented by Dan Amiga and Dor Knafo, this 52-minute Black Hat session offers valuable knowledge for enhancing document security measures.

Syllabus

Introduction
Agenda
Problem Space
File Formats
Click Rates
Web Browsing Security
Mail vs Web
Document Analysis Pipeline
Evaluation Criteria
File Type Detection
Problems with File Type Detection
Webpage Example
Sandbox
CDLs
Remote Viewing
RealTime Pipeline
Offline Pipeline
Summary

Taught by

Black Hat

Reviews

Start your review of The Irrelevance of K-Bytes Detection - Building a Robust Pipeline for Malicious Documents

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.