Course Description
Course contents
Day 1
Introduction to the PDF language
Identification of PDF files with pdfid
Analysis of PDF files with pdf-parser (20 custom designed exercises)
Analysis of real malicious PDF files found “in the wild”
Day 2
Introduction to the OLE (CBF) file format
Introduction to Microsoft’s Office Open XML format
Analysis of MS Office files with oledump (30 custom designed exercises)
Analysis of real malicious MS Office files found “in the wild”
Day 3
Creation of (malicious) PDF files
Creation of (malicious) MS Office files
Requirements
This training is for technical IT security professionals like pentesters, analysts and incident responders, but also for interested hackers. It’s recommended to be familiar with command line tools. Programming knowledge is not required.
Hardware/Software requirements
- A Windows laptop
- MS Office (this is only needed for day 3, Creation of (malicious) MS Office files)
- Administrative rights
- Rights to disable AV
Testimonials
“Presented the material in a very logical way, increased the difficulty step by step. Added some extra info related to the analysis, such as heap-spray, python scripting etc.”
“Great value for money!”
“It is clear that Didier can rely on many years of experience in the trenches of information security, and he is gifted with the exceptional skill of transferring his knowledge in a clear and relaxed way.”
Trainer Biography
Didier Stevens (Microsoft MVP Consumer Security, SANS ISC Senior Handler, GREM – GIAC Reverse Engineering Malware, GCIH, CISSP, GSSP-C, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP, WCNA) is a Senior Analyst working at NVISO (https://www.nviso.be).
Didier is a pioneer in malicious PDF document research and malicious MS Office document analysis, and has developed several tools to help with the analysis of malicious documents like PDF and MS Office files.
You can find his open source security tools on his IT security related blog https://blog.didierStevens.com