
Penetration Document Format Slides

This document discusses penetration testing of PDF documents. It covers analyzing PDF documents to check for vulnerabilities, identifying common PDF vulnerabilities like JavaScript or encryption, using tools like PDFiD to analyze PDF headers, submitting files to VirusTotal for analysis, finding PDF documents in the wild to test, creating proof of concept exploits, and ways to protect against malicious PDFs like disabling JavaScript or using restricted user tokens. The document also provides an example of disclosing a vulnerability in a PDF viewer and creating a metadata XML bomb.

Uploaded by

chepimanca
Copyright
© Attribution Non-Commercial (BY-NC)

Penetration Document Format

Identification and Analysis

PDFiD
PDFiD 0.0.9 hello-world.pdf
PDF Header: %PDF-1.1
obj 7
endobj 7
stream 1
endstream 1
xref 1
trailer 1
startxref 1
/Page 1
/Encrypt 0
/ObjStm 0
/JS 0
/JavaScript 0
/AA 0
/OpenAction 0
/AcroForm 0
/JBIG2Decode 0
/RichMedia 0
/Colors > 2^24 0

/Name Obfuscation
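
An added example (not from the slides, and not PDFiD's own code) of the name counting shown in the PDFiD output above, assuming the "/Name Obfuscation" slide refers to the #xx hex escapes that the PDF specification allows in names. The function names and the sample bytes are constructed for illustration.

```python
import re

# Names reported in the PDFiD output above.
KEYWORDS = ["/Page", "/Encrypt", "/ObjStm", "/JS", "/JavaScript", "/AA",
            "/OpenAction", "/AcroForm", "/JBIG2Decode", "/RichMedia"]

# A name is "/" followed by regular characters, i.e. anything that is
# neither PDF whitespace nor one of the delimiters ( ) < > [ ] { } / %.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize(name: bytes) -> bytes:
    """Decode #xx escapes, so /J#61vaScript becomes /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), name)


def count_names(data: bytes) -> dict:
    """Return {keyword: (total, obfuscated)} from a raw byte scan.

    Names inside compressed streams or object streams are not visible to
    this scan, which is why a non-zero /ObjStm count matters.
    """
    counts = {k: [0, 0] for k in KEYWORDS}
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        plain = normalize(raw)
        key = plain.decode("latin-1")
        if key in counts:
            counts[key][0] += 1
            if raw != plain:          # the name was written with #xx escapes
                counts[key][1] += 1
    return {k: tuple(v) for k, v in counts.items()}


# Constructed sample: /JavaScript and /JS are each written with one hex escape.
SAMPLE = (
    b"%PDF-1.1\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /#4aS 5 0 R >>\nendobj\n"
)

if __name__ == "__main__":
    for name, (total, obfuscated) in count_names(SAMPLE).items():
        print(f"{name:<14}{total:>3}  obfuscated: {obfuscated}")
```

A plain substring search for /JavaScript finds nothing in this sample; matching after normalization finds both names and marks them as obfuscated.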

PDFiD Demo

http://www.Virustotal.com

http://blog.rootshell.be

In-The-Wild PDF

PoC Pure ASCII PDF

pdf-parser Demo

Protection

Foxit Reader

Sumatra PDF

Know Your Enemy ...

Disable JavaScript?

… Find His Achilles Heel

Access Tokens

Use Restricted Tokens

● Windows >= Vista + UAC
● DropMyRights
● StripMyRights
● SAFER SRP

Restricted Token in Action

Disclosure CVE-2009-2979

XML-Bomb in Metadata

Questions?
And hopefully some answers...

Thank you

http://blog.DidierStevens.com
