Title: Portable Document Flaws 101

Abstract

PDF is a document format on steroids. In this talk, we will dive deep
into the PDF specification and reveal its less known, insecure features.
We perform a systematic and in-depth analysis of the capabilities of
malicious PDF documents leading to vulnerabilities in all major PDF
viewers. Our attacks are categorized into four classes:

(1) Denial-of-Service attacks affecting the host on which the document is
processed.

(2) Information disclosure attacks which track who opens a
document or leak personal data out of the victim's computer to the
attacker's server, such as PDF document form data, local files, or user
credentials.

(3) Data manipulation attacks which modify form values,
write local files on the host system, or mask the displayed content of a
document based on the opening application.

(4) Execution of code on the victim's machine, by silently launching an embedded executable. Finally, we propose a methodology to systematically protect against attacks based on legitimate-but-dangerous PDF document features.

Bio

Jens Müller is a PhD candidate at the Chair for Network and Data
Security, Ruhr University Bochum, Germany. His research interests are
legacy protocols and data formats, for which he loves to investigate
what could possibly go wrong in a modern world. He has experience as a
speaker on international security conferences (Black Hat, DEF CON,
USENIX, OWASP, IEEE S&P) and as a freelancer in network penetration
testing and security auditing. In his spare time, he develops free open
source software, for example tools related to network printer exploitation.

Language

This session maybe held in English or in German. Please raise your hand if you plan to attend and prefer English. Depending on that we make a decision.

How to join?

EVERYBODY is welcome to attend. OWASP Stammtisch events in general are free.

OWASP-Stammtisch subscribers @ meetup who RSVP'd for the event will receive a Google Meet invite URL and can join the video conference directly. Please make sure you are muted by default.