Agenda (one day):

Microsoft Office document analysis:

  • Description of Office document file formats
    • Mostly focused on Word
    • Document organization (Office 97/2003, Office 2007/2010)
  • Study of Office macros
  • Detection process of a malicious Office document
    • Presentation of the tools of interest
  • Study of a document's internals: identifying exploits, locating and extracting the payload
  • Analysis of a document source, finding markers to create custom AV signatures
  • Analysis of authentic Office exploit cases

PDF document analysis:

  • Description of the PDF file format
  • Presentation of PDF document scripting features and their exploitation
  • Study of obfuscation techniques using advanced PDF features
  • Detection process of a malicious PDF document
  • Analysis of a document's internals: locating and extracting the payload with Origami
  • Analysis of authentic PDF exploit cases

Who should attend?

  • IT security specialists
  • Forensics analysts
  • Individuals interested in this topic

Prerequisites:

Participants must know how to use a debugger, a disassembler, and a hex editor.