25C3 - 1.4.2.3
25th Chaos Communication Congress
Nothing to hide
Speakers | |
---|---|
Bruce Dang | |

Schedule | |
---|---|
Day | Day 3 (2008-12-29) |
Room | Saal 1 |
Start time | 20:30 |
Duration | 01:00 |

Info | |
---|---|
ID | 2938 |
Event type | lecture |
Track | Hacking |
Language used for presentation | en |

Methods for Understanding Targeted Attacks with Office Documents
As more security features and anti-exploitation mechanisms are added to modern operating systems, attackers are shifting their targets to higher-level applications. In the last few years, we have seen an increasing number of targeted attacks using malicious Office documents against both government and non-government entities. These attacks are well publicized in the media; unfortunately, there is not much public information on the attack details or the exploitation mechanisms employed in the attacks themselves. This presentation aims to fill the gap by offering:
- A brief overview of the Office file format,
- In-depth technical details and practical analytical techniques for triaging and understanding these attacks,
- Defensive mechanisms to reduce the effectiveness of the attacks,
- Forensic evidence that can help trace the attacks,
- Static detection mechanisms for these vulnerabilities (i.e., how to write virus signatures for these vulnerabilities),
- Information and techniques to help detect these attacks on the wire.