Didier Stevens

Tuesday 18 November 2008

My ISSA / OWASP Talk “Risky PDF”

Filed under: PDF — Didier Stevens @ 18:34

For those of you who attended my ISSA / OWASP talk Risky PDF, thanks for your interesting and challenging questions! I’m very pleased with the feedback I got.

You can download the presentation and demo files here. All my PDF blogpost can be found using  category PDF.

A recurring remark I received afterward is about claiming not to be a PDF expert, while my presentation (and research) clearly shows otherwise.

I didn’t express myself clearly. When I started my presentation by stating that I’m not a PDF expert, I meant that I don’t know how to produce a PDF document with a nice layout, a content table, an index, captivating graphics, … I don’t even know how to use Adobe Professional to create a PDF document with embedded JavaScript. So don’t ask me questions about producing “benign” PDF documents, because I don’t have a clue.

But I do have build-up expertise in malicious PDF documents. I’ve become an expert in analyzing PDF malware. I know how to create a PDF document with embedded JavaScript from scratch, just using a text editor (and I’ve build tools to automate this). And I can perform a forensic analysis of PDF documents.

My PDF expertise is limited to malicious usage and forensics. Outside of the IT security field, people with my expertise are not considered PDF experts. It wasn’t intended as false modesty, I just can’t help you troubleshoot “benign” PDFs 😉

1 Comment »

  1. […] Didier has made available the presentation he gave at his ISSA/OWASP talk. You can also grab the demo files. Neato stuff. My ISSA / OWASP Talk “Risky PDF” << Didier Stevens […]

    Pingback by Interesting Information Security Bits for 11/19/2008 at Infosec Ramblings — Wednesday 19 November 2008 @ 21:05

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.