From BruCON 2015

Revision as of 11:19, 11 April 2013

Hacking PDF by Didier Stevens

PDF exploits and malicious PDF documents have been on the radar for several years now. But do you know how to detect them? And how they are constructed?

This training will teach you how to analyze PDF files and create your own PDF hacks: PDF files that execute code, but also PDF documents that embed, obfuscate and hide all types of content. Didier Stevens will teach you how to use his Python tools to analyze PDF documents and to create your own PDF documents from scratch. With a bit of knowledge of the Python programming language, you will learn to use his PDF Python module to create all sorts of “interesting” PDF files. And for good measure, we also throw in a bit of shellcode programming. Didier Stevens will reveal shellcode he specially designed for PDF files. This shellcode has never been released publicly.

This is not a training on exploit development, but we will see with several exercises how exploits need to be packaged in PDF files. We focus on the PDF language, not on reversing PDF readers.

Attendees will receive a personal license to Didier Stevens Labs’ “PDF Workshop” videos and a Teensy USB development board.

Who Should Attend

This training is for technical IT security professionals like pentesters, but also for interested hackers.

Key Learning Objectives

  • Deep understanding of the Portable Document Format
  • Analysis of (malicious) PDF files
  • Creation of PDF files from scratch for pentesting purposes and other fun

Technical Requirements

A Windows laptop.

Pre-Requisite Knowledge

  • fluent with the Windows command prompt
  • notions of Python programming
  • notions of shellcode development

Detailed Agenda

Day 1

  • Extensive introduction to the PDF language
  • Identification of PDF files with pdfid
  • Analysis of PDF files with pdf-parser (20 exercises)

Day 2

  • Creation of PDF files (10 exercises total)
  • Generation of PDF files to embed payloads
  • Development of shellcode specially designed to be used in PDF documents
  • Packaging of a classic PDF exploit with heapspray
  • Development of a /Launch action exploit


Trainer Biography

Didier Stevens is a 5-to-9 security researcher and Microsoft MVP. Mostly IT security. And programming. And (hardware) hacking. And PDF.

More information about Didier Stevens is available at his blog: http://blog.didierstevens.com

Twitter: @DidierStevens

http://didierstevenslabs.com

24 & 25 September (09:00 - 17:00)
