Weapons of Targeted Attack: Modern Document Exploit Techniques
- Type
- Paper
- Tags
- exploiting
- Authors
- Ming-chieh Pan, Sung-ting Tsai
- Event
- Black Hat USA 2011
- Indexed on
- Mar 15, 2014
- URL
- https://media.blackhat.com/bh-us-11/Tsai/BH_US_11_TsaiPan_Weapons_Targeted_Attack_WP.pdf
- File name
- BH_US_11_TsaiPan_Weapons_Targeted_Attack_WP.pdf
- File size
- 1.4 MB
- MD5
- e68c382cee221d33ba4b7b9c2962c976
- SHA1
- 3238468bb914dc1eb71139103b5bff322980ee92
The most common and effective way is using document exploit in the targeted attack. Due to the political issue, we have had opportunities to observe APT (advanced persistent threat) attacks in Taiwan since 2004. Therefore we have studied and researched malicious document for a long period of time. Recently, we found APT attacks (e.g. RSA) used the same technique as we disclosed last year, e.g. embedding flash exploit in an excel document. In order to protect users against malicious document and targeted attacks, we would like to discuss the past, present, and future of document exploit from technical perspective, and predict possible techniques could be used in a malicious document in the future by demonstrating "proof of concept" exploits.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
