For those of you who attended my ISSA / OWASP talk Risky PDF, thanks for your interesting and challenging questions! I’m very pleased with the feedback I got.
You can download the presentation and demo files here. All my PDF blogpost can be found using category PDF.
A recurring remark I received afterward is about claiming not to be a PDF expert, while my presentation (and research) clearly shows otherwise.
I didn’t express myself clearly. When I started my presentation by stating that I’m not a PDF expert, I meant that I don’t know how to produce a PDF document with a nice layout, a content table, an index, captivating graphics, … I don’t even know how to use Adobe Professional to create a PDF document with embedded JavaScript. So don’t ask me questions about producing “benign” PDF documents, because I don’t have a clue.
But I do have build-up expertise in malicious PDF documents. I’ve become an expert in analyzing PDF malware. I know how to create a PDF document with embedded JavaScript from scratch, just using a text editor (and I’ve build tools to automate this). And I can perform a forensic analysis of PDF documents.
My PDF expertise is limited to malicious usage and forensics. Outside of the IT security field, people with my expertise are not considered PDF experts. It wasn’t intended as false modesty, I just can’t help you troubleshoot “benign” PDFs 😉
Didier Stevens 