Penetration Document Format Slides

This document discusses penetration testing of PDF documents. It covers analyzing PDF documents to check for vulnerabilities, identifying common PDF vulnerabilities like JavaScript or encryption, using tools like PDFiD to analyze PDF headers, submitting files to VirusTotal for analysis, finding PDF documents in the wild to test, creating proof of concept exploits, and ways to protect against malicious PDFs like disabling JavaScript or using restricted user tokens. The document also provides an example of disclosing a vulnerability in a PDF viewer and creating a metadata XML bomb.

Uploaded by chepimanca
Copyright: © Attribution Non-Commercial (BY-NC)

Penetration Document Format

Didier@DidierStevens.com
Identification and Analysis

PDFiD
PDFiD 0.0.9 hello-world.pdf
PDF Header: %PDF-1.1
obj 7
endobj 7
stream 1
endstream 1
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 0
/JavaScript 0
/AA 0
/OpenAction 0
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Colors > 2^24 0

/Name Obfuscation

PDFiD Demo

http://www.Virustotal.com

http://blog.rootshell.be

In-The-Wild PDF

PoC Pure ASCII PDF

pdf-parser Demo

Protection

Foxit Reader

Sumatra PDF

Know Your Enemy ...

Disable JavaScript?

… Find His Achilles Heel

Access Tokens

Use Restricted Tokens

● Windows >= Vista + UAC
● DropMyRights
● StripMyRights
● SAFER SRP

Restricted Token in Action

Disclosure CVE-2009-2979

XML-Bomb in Metadata

Questions?
And hopefully some answers...

Thank you

http://blog.DidierStevens.com
