RTF Abuse: Exploitation, Evasion and Counter Measures

SecTor 2016

Presented by: Devon Greene
Date: Wednesday October 19, 2016
Time: 13:25 - 14:25
Location: 801A
Track: Tech

If you knew how many ways you could obfuscate and deliver payloads with RTF documents, you would have thought it was a file format Microsoft secretively purchased from Adobe. Kidding aside, 2016 has peeked my interest in the RTF specification and you should learn why. This talk walks through research experiences and examples that take advantage of the RTF specification and address these three areas: exploitation, evasion and counter measures.

Audience members can expect to gain a technical understanding of the following:

Links

Devon Greene

Devon Greene is a Senior Security Research Engineer at Ixia’s Application and Threat Intelligence (ATI) Research Center. His focus is on malware analysis, vulnerability discovery, and product development. Before entering the realm of R&D, he worked in the financial sector and served as a SME on Network and System Security, Penetration Testing, and Incident Response. Outside of his work life, you can find him competing in CTFs with friends, developing tools and adventuring outdoors.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats