25C3 - 1.4.2.3

25th Chaos Communication Congress
Nothing to hide

Speakers
Bruce Dang
Schedule
Day: Day 3 (2008-12-29)
Room: Saal 1
Start time: 20:30
Duration: 01:00
Info
ID: 2938
Event type: lecture
Track: Hacking
Language of the event: en

Methods for Understanding Targeted Attacks with Office Documents

As more security features and anti-exploitation mechanisms are added to modern operating systems, attackers are shifting their targets to higher-level applications. In the last few years, we have seen an increasing number of targeted attacks using malicious Office documents against both government and non-government entities. These attacks are well publicized in the media; unfortunately, there is not much public information on the attack details or the exploitation mechanisms employed in the attacks themselves. This presentation aims to fill the gap by offering:

  • A brief overview of the Office file format,
  • In-depth technical details and practical analytical techniques for triaging and understanding these attacks,
  • Defensive mechanisms to reduce the effectiveness of the attacks,
  • Forensic evidence that can help trace the attacks,
  • Static detection mechanisms for these vulnerabilities (i.e., how to write virus signatures for these vulns),
  • Information and techniques to help detect these attacks on the wire.