Name: Portable Document Flaws 101
Start: 2020-12-09T19:00:00+01:00
End: 2020-12-09T20:30:00+01:00

Title: Portable Document Flaws 101

Abstract
========
PDF is a document format on steroids. In this talk, we will dive deep
into the PDF specification and reveal its less known, insecure features.
We perform a systematic and in-depth analysis of the capabilities of
malicious PDF documents leading to vulnerabilities in all major PDF
viewers. Our attacks are categorized into four classes:

(1) Denial-of-Service attacks affecting the host on which the document is
processed.

(2) Information disclosure attacks which track who opens a
document or leak personal data out of the victim's computer to the
attacker's server, such as PDF document form data, local files, or user
credentials.

(3) Data manipulation attacks which modify form values,
write local files on the host system, or mask the displayed content of a
document based on the opening application.

(4) Execution of code on the victim's machine, by silently launching an embedded executable. Finally, we propose a methodology to systematically protect against attacks based on legitimate-but-dangerous PDF document features.

Bio
===
Jens Müller is a PhD candidate at the Chair for Network and Data
Security, Ruhr University Bochum, Germany. His research interests are
legacy protocols and data formats, for which he loves to investigate
what could possibly go wrong in a modern world. He has experience as a
speaker on international security conferences (Black Hat, DEF CON,
USENIX, OWASP, IEEE S&P) and as a freelancer in network penetration
testing and security auditing. In his spare time, he develops free open
source software, for example tools related to network printer exploitation.

Language
==========
This session maybe held in English or in German. Please raise your hand if you plan to attend and prefer English. Depending on that we make a decision.

How to join?
============
EVERYBODY is welcome to attend. OWASP Stammtisch events in general are free.

OWASP-Stammtisch subscribers @ meetup who RSVP'd for the event will receive a Google Meet invite URL and can join the video conference directly. Please make sure you are muted by default.

Björn Kimminich

Dirk Wetter

OWASP Hamburg Meeting

OWASP® Foundation 

Technology

Education & Technology

Computer Security

Cloud Security

Software Security

Application Security

Information Security

Network Security

Web Security

White Hat Hacking

Web Application Security

OWASP

Ethical Hacking

Portable Document Flaws 101

Online event

Teilen

OWASP Hamburg Meeting

Portable Document Flaws 101

OWASP Hamburg Meeting

Details

Mitglieder interessieren sich auch für