PDF: Portable Destructive File - FIRST

Ministry of Science, Technology & Innovation

PDF: Portable Destructive File

FIRST AGM || MIAMI || 14 JUNE 2010

MAHMUD AB RAHMAN (MyCERT, CyberSecurity Malaysia)

Securing Our Cyberspace

Copyright © 2009 CyberSecurity Malaysia

MYSELF

Mahmud Ab Rahman
MyCERT, CyberSecurity Malaysia
Lebahnet (honeynet), Botnet, Malware

Agenda

Intro
PDF Attacks
Analyzing malicious PDF
Issues
Reducing/Mitigation The Problem?
Outro/Conclusion

INTRO

1) Intro
2) PDF attacks
3) Analyzing
4) Issues
5) Mitigation
6) Conclusion

INTRO : PDF 101

PDF: Portable Destructive File :)
Portable Document Format
Open standard (2008) by Adobe (previously proprietary)
Mainly used as an independent format instead of *.doc, *.odp, *.xls, *.ppt, etc.
PDF reader applications (Adobe Reader, Foxit Reader, SumatraPDF, etc.)

INTRO : PDF Format

Has its own language
Normally just ASCII characters (/Filters / application elements use binary data (stream))
ASCII: readable (any text editor will do)
Starts with a header (%PDF-[version])
Ends with an EOF element (%%EOF)

INTRO : PDF Format (diagram)

%PDF-1.1
1 0 obj > endobj
....
5 0 obj > stream
BT /F1 24 Tf 100 700 Td (Hello w00t!)Tj ET
endstream
endobj
xref
0 8
0000000000 65535 f
0000000012 00000 n
0000000089 00000 n
trailer >
startxref
642
%%EOF

Parts of the file, top to bottom:

PDF Start (version)
PDF Object (obj ... endobj)
  - stream element contains data ("Hello w00t!"). Ends with endstream
  - Normally needs to decode the data inside the stream element
  - JavaScript object starts with /JS
  - Main subject to be abused
Cross Reference
Trailer
End of File
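A triage check for the landmarks in the diagram above, as an added example that is not part of the original slides. The sample document and its << ... >> dictionaries are constructed for illustration; the check also goes slightly beyond the slide by matching /JavaScript and by decoding #xx hex escapes in names, which PDF 1.2 and later permit.

```python
import re

# Constructed sample modelled on the slide's diagram. The << ... >> dictionaries
# are invented for this example; they are not recovered from the deck.
SAMPLE = b"""%PDF-1.1
1 0 obj << /Type /Catalog >> endobj
2 0 obj << /S /JavaScript /JS (var x = 1;) >> endobj
5 0 obj << /Length 43 >> stream
BT /F1 24 Tf 100 700 Td (Hello w00t!)Tj ET
endstream endobj
xref
0 8
trailer << /Root 1 0 R >>
startxref
642
%%EOF
"""

NAME_RE = re.compile(rb"/[^\s/<>\[\]()%]+")   # a PDF name: "/" up to a delimiter
SCRIPT_NAMES = {b"/JS", b"/JavaScript"}


def decode_name(raw: bytes) -> bytes:
    """Undo #xx hex escapes, which PDF 1.2+ permits in names (/J#53 is /JS)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m[1], 16)]), raw)


def count(token: bytes, data: bytes) -> int:
    """Count whole-word keyword hits; 'stream' does not match inside 'endstream'."""
    return len(re.findall(rb"\b" + token + rb"\b", data))


def triage(data: bytes) -> dict:
    """Check the landmarks from the diagram and list script-bearing names."""
    header = re.match(rb"%PDF-(\d\.\d)", data)
    names = {decode_name(n) for n in NAME_RE.findall(data)}
    report = {
        "version": header.group(1).decode() if header else None,
        "has_eof": data.rstrip().endswith(b"%%EOF"),
        "objects": (count(rb"\d+\s+\d+\s+obj", data), count(b"endobj", data)),
        "streams": (count(b"stream", data), count(b"endstream", data)),
        "script_names": sorted(n.decode() for n in names & SCRIPT_NAMES),
    }
    report["balanced"] = all(a == b for a, b in (report["objects"], report["streams"]))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The keyword counts are a heuristic over raw bytes: compressed or binary stream data can contain the same tokens by chance, so an imbalance is a reason to look closer, not a verdict.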

INTRO : PDF Format view inside PDF readers
