вторник, 14 мая 2013 г.

On PHDays 2013 I will speak about Dynamic detection of shell code in electronic documents

On PHDays 2013 FastTrack I will speak about Dynamic detection of shell code in electronic documents

The past few years show frequent use of e-mail messages with electronic documents containing exploits. Attackers use this technique to enlarge botnets or to spy on the industrial secrets of an organization. The report will describe dynamic detection of shellcode in electronic documents without signature analysis to enhance security of employees engaged in document flow. A zero-day vulnerability detected in Yandex.Browser will be used to demonstrate how the software use can decrease incident response time spent by the information security service of a company.

My speech will be on Russian, but I'll try to create slides on English.


My speech based on this article (in Russian)

We tested our programm on:
> 20 000 *.pdf files (was opened in Adobe Reader 9-11, Foxit Reader 3-6, Google Chrome, Yandex.Browser)
> 10 000 *.doc, *.docx, *.rtf files (was opened in MS Word 2003, 2007, Libre Office 4.0)
OS Win XP, Win 7

We'he found:

Some APT attacks with some known CVE (CVE-2012-0158 and some else) for MS Word 2003, 2007

Vulnerability on Yandex.Browser (must fixed in latest version, but I didn't check it at this time)

Many crashes on many programs, that we still researching.

Original message on Russian