1. Events
  2. HITBSecConf2015 – Amsterdam
  3. TECH TRAINING 2: Hacking PDFs for Ninjas
Star 0

Abstract

DURATION: 2 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: 14
PRICE: EUR1499 (early bird)
EUR1999 (normal rate)
Early bird registration rate ends on the 1st of March
REGISTER NOW

Overview
PDF exploits and malicious PDF documents have been on the radar for several years now. But do you know how to detect them? And how they are constructed?
This training will teach you how to analyze PDF files and create your own PDF hacks. PDF files that execute code, but also PDF documents to embed, obfuscate and hide all types of content.
Didier Stevens will teach you how to use his Python tools to analyze PDF documents and to create your own PDF documents from scratch. With a bit of knowledge of the Python programming language, Didier Stevens will teach you how to use his PDF Python module to create all sorts of “interesting” PDF files. And for good measure, we also throw in a bit of shellcode programming. Didier Stevens will reveal you shellcode he specially designed for PDF files. This shellcode has never been released publicly.
This is not a training on exploit development, but we will see with several exercises how exploits need to be packaged in PDF files. We focus on the PDF language, not on reversing PDF readers.
Who Should Attend
This training is for technical IT security professionals like pentesters, but also for interested hackers.
 
Key Learning Objectives

Deep understanding of the Portable Document Format
Analysis of (malicious) PDF files
Creation of PDF files from scratch for pentesting purposes and other fun

 
Hardware / Technical Requirements
A fairly recent Windows based laptop. All software and tools will be provided.

Pre-Requisite Knowledge

fluent with the Windows command prompt
notions of Python programming
notions of shellcode development

 
Detailed Agenda

Day 1

Extensive introduction to the PDF language
Identification of PDF files with pdfid
Analysis of PDF files with pdf-parser (20 exercises)

 
Day 2

Creation of PDF files (10 exercises total)
Generation of PDF files to embed payloads
Development of shellcode specially designed to be used in PDF documents
Packaging of a classic PDF exploit with heapspray
Development of a /Launch action exploit