DeepSec 2011: The security of non-executable files

Speaker: Daniel Pistelli

This talk presents an overview of the security risks in non-executable files such as PDF, rich media and office documents. The extent and the roots of the issues (not only in terms of infection).

The approaches to store and hide, in order to avoid detection, malicious data inside these file formats and what can be done in terms of prevention. Also, ramifications for the embedded sector. The talk aims to range from global considerations to individual cases.

Watch this video on YouTube

Views

Likes

Source: DeepSec

Christiaan008

Source: Christiaan008

Main category

Information security & security management

Subcategory

Information security

Subcategory

Security management

Main category

Disclosure & vulnerability

Subcategory

Vulnerability

Be surprised

I know what I'm looking for

Videos by category

Related videos

Toying with barcodes

Toying with barcodes

Rootkits: What they are, and how to find them

Rootkits: What they are, and how to find them

Building the DEF CON Network

Building the DEF CON Network

28C3: Towards a single secure European cyberspace?

28C3: Towards a single secure European cyberspace?

Secure code reviews magic or art? A simplified approach to secure code reviews

Secure code reviews magic or art? A simplified approach to secure code reviews

RFID hacking

RFID hacking

DeepSec 2013: Mobile Fail: Cracking open “secure” Android containers

DeepSec 2013: Mobile Fail: Cracking open “secure” Android containers

NOTACON 3: Network printer hacking

NOTACON 3: Network printer hacking

DeepSec 2011: The security of non-executable files

DeepSec 2011: The security of non-executable files

DeepSec 2007: Browser hijacking

DeepSec 2007: Browser hijacking

OWASP AppSecUSA 2011: Ghosts of XSS past, present and future

OWASP AppSecUSA 2011: Ghosts of XSS past, present and future

ICS Cybersecurity Advanced Training Day 4

ICS Cybersecurity Advanced Training Day 4

OWASP AppSecUSA 2012: Bug bounty programs

OWASP AppSecUSA 2012: Bug bounty programs

DeepSec 2009: Building the next generation IDS engine

DeepSec 2009: Building the next generation IDS engine

22C3: Attacking the IPv6 protocol suite

22C3: Attacking the IPv6 protocol suite

DEF CON 14: US-VISIT: Raping personal privacy since 2004

DEF CON 14: US-VISIT: Raping personal privacy since 2004

DEF CON 19: Hacking and forensicating an Oracle database server

DEF CON 19: Hacking and forensicating an Oracle database server

SOURCE Boston 2009: Splunk

SOURCE Boston 2009: Splunk

Introduction to Trusted Computing

Introduction to Trusted Computing

DeepSec 2010: Circumventing common Pitfalls when auditing sourcecode for security vulnerabilities

DeepSec 2010: Circumventing common Pitfalls when auditing sourcecode for security vulnerabilities

Hacking WPA2 key: Evil Twin method

Hacking WPA2 key: Evil Twin method

OWASP AppSecUSA 2011: Simplifying threat modelling

OWASP AppSecUSA 2011: Simplifying threat modelling

DEF CON 20: Demorpheus: Getting rid of polymorphic shellcodes in your network

DEF CON 20: Demorpheus: Getting rid of polymorphic shellcodes in your network

ShmooCon 2014: ISP’s unauthenticated SOAP service

ShmooCon 2014: ISP’s unauthenticated SOAP service

DeepSec 2013: Uncovering your trails

DeepSec 2013: Uncovering your trails

Remote hack on Damn Vulnerable Linux

Remote hack on Damn Vulnerable Linux