
Sneaky PDF

Formal Metadata

Title
Sneaky PDF
Title of Series
Number of Parts
122
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Mahmud Ab Rahman - Sneaky PDF

Being the most prevalent document exchange format on the Internet, Portable Document Format (PDF) is in danger of becoming the main target for client-side attacks. With an estimated more than 1.5 million lines of code and loaded with huge functionality, this powerful document format suffers from several high-impact vulnerabilities, allowing attackers to exploit it and use it as a malware-spreading vector. To date, thousands of malicious PDF files are spreading with little chance of being detected. The challenge is the obfuscation techniques used by attackers to hide their malicious activities, which minimize the detection rate. To sustain the survival of malicious PDF files on the Internet, attackers circumvent the analysis process through diverse obfuscation techniques. The obfuscation methods used usually range from PDF syntax obfuscation and PDF filtering mechanisms to JavaScript obfuscation, and variants combining both. Because of rapid changes in obfuscation methods, most antivirus software as well as security tools fail to detect malicious content inside PDF files, thus increasing the number of victims of malicious PDF mischief. In this paper, we study the obfuscation techniques used inside in-the-wild malicious PDFs, how they could be made stealthier, and how we can improve the analysis of malicious PDFs.

Mahmud Ab Rahman currently works as an Information Security Specialist for the Malaysia Computer Emergency and Response Team (MyCERT) under the umbrella of CyberSecurity Malaysia. Prior to that, he worked as an Intrusion Analyst in the MyCERT department. His educational background comprises a Master's Degree in Computer Science from the National University of Malaysia in 2006. Prior to that, he obtained a Degree in Computer Science from the same university. Mahmud has been involved in the computer security field for over 5 years. His areas of focus and interest are network security, honeynets, botnet monitoring, and malware analysis.

He also engages in several large-scale penetration-testing exercises and provides solutions for any vulnerabilities detected. Moreover, he is recognized for conducting a number of training sessions for organizations on topics ranging from introductory to advanced security courses. He is an occasional speaker at conferences such as the FIRST Technical Colloquium, the FIRST Annual Conference, the Honeynet Annual Security Conference, the Honeynet Project, HackInTheBox, SIGINT and Infosec.MY. He currently holds GIAC's GPEN and GREM and Cisco's CCNA and CCNP. In 2010, he wrote a paper on "Getting Owned By Malicious PDF" for the GIAC GPEN Gold certification.