The most common and effective way is using document exploit in the targeted attack. Due to the political issue, we have had opportunities to observe APT (advanced persistent threat) attacks in Taiwan since 2004. Therefore we have studied and researched malicious document for a long period of time.
Recently, we found APT attacks (e.g. RSA) used the same technique as we disclosed last year, e.g. embedding flash exploit in an excel document. In order to protect users against malicious document and targeted attacks, we would like to discuss the past, present, and future of document exploit from technical perspective, and predict possible techniques could be used in a malicious document in the future by demonstrating "proof of concept" exploits.
The presentation will cover four major types of document attacks:
Sung-ting (TT) is a staff research engineer in core tech department of Trend Micro. His major areas of interest include document exploit, malware detection, sandbox technologies, system vulnerability and protection, web security, cloud and virtualization technology. He also has been doing document application security research for years, and has presented his researches in Syscan Singapore 10 and Hacks in Taiwan 08. He and Ming-chieh are members of CHROOT security group in Taiwan.
Ming-chieh's (Nanika) major areas of expertise include vulnerability research, exploit techniques, malware detection and mobile security. He has 10+ years of experience on vulnerability research on Windows platform and malicious document and exploit. He has discovered numerous Windows system and document application vulnerabilities, such as Microsoft Office, Adobe PDF, and Flash. He frequently presents his researches at security conferences in Asia, including Syscan Singapore/Taipei/Hong Kong 08/10, Hacks in Taiwan 05/06/07/09/10. Ming-chieh is a senior vulnerability researcher with Net-Hack Inc. He and Sung-ting are members of CHROOT security group in Taiwan.