Sep 2, 2013

Training in the spotlight: Hacking PDF by Didier Stevens


We have some great trainings lined up for you at BruCON this year.
Just to make it even harder for you to choose one, we will put some of these trainings in the spotlight.

The second training is Hacking PDF, taught by Didier Stevens. Didier is a pioneer in malicious PDF document research, and has developed several tools to help with the analysis of malicious PDF documents. Steven on this unique training:



"What do you want from training? I want to gain knowledge. I designed my “Hacking PDF” training with this goal in mind.
“Hacking PDF” is a 2-day training focusing on the PDF language, not on reversing PDF readers. By attending this training, you will first acquire knowledge about the PDF language. And then we will use this knowledge to analyze malicious PDFs (day 1) and create PDFs for fun and profit (day 2).
Learning to use tools is nice, and learning new skills is interesting. But I want more. I also want to get a deep understanding of the subject. Because with this knowledge, I can develop new tools and invent new techniques.
On day one I explain the fundamentals of the PDF language. We take a look at several features of the language that malware authors use and abuse. And then we start analyzing PDFs. You learn to use my tools pdfid and pdf-parser on 20 simple PDF exercises. The exercise is to find the malicious behavior of the PDF, the goal is to gain understanding of PDF malware. And then we move on to the real deal: analyzing real, in-the-wild PDF malware.
On day two we use our understanding of the PDF language and PDF malware to create our own PDF files and modify existing PDF files. This is done with pure Python tools and other free tools. Adobe products are not used in this training, except to view PDFs. We will learn to do simple and smart fuzzing of PDFs, create PDFs that exploit vulnerabilities in PDF readers, embed files and PDFs, and a lot of other interesting hacks … 
You can find a “Hacking PDF” slideshow here: http://www.slideshare.net/DidierStevens/teaser-hackingpdfslides
There are not many pre-requisites for this training:
  1. You don’t need to know anything about PDF, I will teach you what we need to know.
  2. We use Python scripts, but you don’t need to be a Python programmer. We will modify existing scripts, so a bit of programming knowledge like if statements and loops is enough.
  3. Not need to understand assembly or shellcode, we use a shellcode emulator. And I will provide you the shellcode for day 2, you do not need to write it yourself.
  4. You need to be at ease with the command-line
  5. A security mindset is an advantage ;-)"