PDF: A Vector for Badness Incognito
Jeremy Conway currently works as a Senior Information Technology Security Engineer for SAIC on the NASA Integrated Service Network (NISN) where he is the senior lead engineer for the WAN Security Operations Team.
Mr. Conway has over 10 years' experience in Information Technology Security, and has worked for both the Department of the Army and the Department of Defense during this time. He is currently pursuing a Master's Degree in Information Security at Colorado Tech, and holds a Bachelor's Degree in Computer Science with a Minor in Mathematics from the University of Alabama Huntsville.
Jeremy holds several professional certifications, which include the CISSP, MCSE:Security 2003, SnortCP, Certified Reverse Engineer Analyst (CREA), GIAC GSEC and GISSP, CCNA, Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA), Cisco Certified Information Security Specialist, Security+, and Network+. He is an active member of and contributor to multiple malware research, botnet tracking, and malicious domain tracking internet communities dedicated to professionally analyzing, disclosing, and deterring the spread of hostile and/or malicious activity on the internet. He owns and operates sudosecure.net, a security-related blog where some of his recent security research can be found.
Many organizations regard Portable Document Format (PDF) files as a trusted and benign file type and accept them as the de facto standard for publishing and exchanging information via email attachments, the Internet, and just about every electronic media sharing technology available. These organizations generally do not regard PDF as a powerful document format with ever-growing functionality, but rather as an enriched text document format. In reality, PDF is a very feature-rich document format, and PDF reading applications build capabilities on top of it such as a JavaScript engine, media playing functionality, data compression routines, and several application-level access abilities via API (Application Programming Interface). Criminal organizations and malware authors have coupled this established trust in and acceptance of the PDF file format with their expanded knowledge of the format to create new vectors of attack against our networks and end users. This presentation covers what a PDF file is, the functionality available in PDF, the vectors of attack used by malware authors in the past, the forensic investigation tools that can be used to find these attacks, and a demonstration of new vectors that have not yet been taken advantage of by malware authors, but could very easily be, to increase the effectiveness of their malware distribution and infection rates.
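As an added illustration of the forensic triage the abstract refers to (this is example code written for this page, not material from the presentation, its slides, or any tool it demonstrates), the following Python scanner works in the spirit of keyword-counting triage tools such as Didier Stevens' pdfid. It counts PDF names associated with active content (/JavaScript, /OpenAction, /Launch and so on), inflates FlateDecode streams so that dictionaries packed into a compressed object stream are counted as well, and undoes the #xx escape the PDF syntax allows inside names, which a plain string search would miss. The sample PDF is constructed inline and is not a real-world file; its simplified classic xref table is an assumption made for brevity (a real PDF 1.5 file with object streams would carry an xref stream).

```python
import re
import zlib
from typing import Dict, List

# Names that triage tools such as pdfid flag for closer inspection.
SUSPICIOUS_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                    b"/EmbeddedFile", b"/RichMedia", b"/ObjStm")

# One indirect object carrying a stream: its dictionary and the raw stream bytes.
# The tempered pattern (?:(?!endobj).)*? keeps the dictionary from running into the next object.
_STREAM_OBJ_RE = re.compile(
    rb"obj\s*(?P<dict><<(?:(?!endobj).)*?>>)\s*stream\r?\n(?P<body>.*?)\r?\nendstream", re.S)
_HEX_NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_names(data: bytes) -> bytes:
    """Undo the #xx escape allowed inside PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return _HEX_NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_flate_streams(data: bytes) -> List[bytes]:
    """Return the decompressed content of every stream whose dictionary names /FlateDecode."""
    out = []
    for m in _STREAM_OBJ_RE.finditer(data):
        if b"/FlateDecode" in normalise_names(m.group("dict")):
            try:
                out.append(zlib.decompress(m.group("body")))
            except zlib.error:
                out.append(b"")  # damaged or non-zlib data: count the stream, yield nothing
    return out


def count_names(data: bytes) -> Dict[str, int]:
    """Count each suspicious name, matching whole names only (/AA must not count /AAA)."""
    text = normalise_names(data)
    return {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z0-9])", text))
            for n in SUSPICIOUS_NAMES}


def scan_pdf(data: bytes) -> dict:
    """Count suspicious names in the raw bytes and again after inflating FlateDecode streams."""
    raw = count_names(data)
    inflated = inflate_flate_streams(data)
    deep = count_names(data + b"\n" + b"\n".join(inflated))
    return {"raw": raw, "after_inflate": deep, "flate_streams": len(inflated),
            "hidden_by_compression": sorted(k for k in deep if deep[k] > raw[k])}


def build_sample_pdf() -> bytes:
    """Constructed sample: the JavaScript action dictionary (object 4) is stored inside a
    compressed object stream (object 5), so it is invisible to a plain string search."""
    action = b"<< /S /JavaScript /JS (app.alert('constructed sample')) >>"
    header = b"4 0 "  # object-number/offset pairs that open an /ObjStm; /First points past them
    packed = zlib.compress(header + action)
    objects = {
        1: b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        2: b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        3: b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        5: (b"<< /Type /ObjStm /N 1 /First %d /Length %d /Filter /FlateDecode >>\nstream\n"
            % (len(header), len(packed))) + packed + b"\nendstream",
    }
    pdf = bytearray(b"%PDF-1.5\n")
    offsets = {}
    for num, body in objects.items():
        offsets[num] = len(pdf)
        pdf += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    # Simplified classic xref (assumption for brevity); object 4 really lives in the object stream.
    xref_pos = len(pdf)
    pdf += b"xref\n0 6\n0000000000 65535 f \n"
    for num in range(1, 6):
        pdf += b"%010d 00000 n \n" % offsets.get(num, 0)
    pdf += b"trailer\n<< /Size 6 /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % xref_pos
    return bytes(pdf)


if __name__ == "__main__":
    report = scan_pdf(build_sample_pdf())
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed sample the raw pass sees only /OpenAction and /ObjStm; only after the object stream is inflated do /JavaScript and /JS appear, which is why a triage tool must look inside compressed streams before declaring a file clean. Run it against real files with `scan_pdf(open(path, "rb").read())`; a non-zero /OpenAction or /AA together with /JavaScript or /Launch is the usual cue to open the file in a full parser rather than a viewer.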
Dynetics, Inc.
1002 Explorer Blvd NW
Huntsville, AL 35806
| Attachment | Size |
|---|---|
| PDF_Presentation.pdf | 2.8 MB |