Weapons of Targeted Attack: Modern Document Exploit Techniques

Weapons of Targeted Attack: Modern Document Exploit Techniques

The most common and effective way is using document exploit in the targeted attack. Due to the political issue, we have had opportunities to observe APT (advanced persistent threat) attacks in Taiwan since 2004. Therefore we have studied and researched malicious document for a long period of time.

Recently, we found APT attacks (e.g. RSA) used the same technique as we disclosed last year, e.g. embedding flash exploit in an excel document. In order to protect users against malicious document and targeted attacks, we would like to discuss the past, present, and future of document exploit from technical perspective, and predict possible techniques could be used in a malicious document in the future by demonstrating "proof of concept" exploits.

The presentation will cover four major types of document attacks:

  • Advanced fuzzing techniques.
  • Techniques to against exploit mitigation technologies (DEP/ASLR).
  • Techniques to bypass sandbox and policy control.
  • Techniques to defeat behavior based protection, such as host IPS.

Presented by