Weapons of Targeted Attack: Modern Document Exploit Techniques presented at BlackhatUSA 2011

by Sung-ting Tsai, Ming-chieh Pan

URL : https://media.blackhat.com/bh-us-11/Tsai/BH_US_11_TsaiPan_Weapons_Targeted_Attack_Slides.pdf

Summary : Using document exploits is the most common and effective approach in targeted attacks. Due to political issues, we have had opportunities to observe APT (advanced persistent threat) attacks in Taiwan since 2004. We have therefore studied and researched malicious documents for a long period of time.
Recently, we found that APT attacks (e.g. RSA) used the same technique we disclosed last year, e.g. embedding a Flash exploit in an Excel document. In order to protect users against malicious documents and targeted attacks, we would like to discuss the past, present, and future of document exploits from a technical perspective, and predict possible techniques that could be used in malicious documents in the future by demonstrating "proof of concept" exploits.
The presentation will cover four major types of document attacks:
Advanced fuzzing techniques.
Techniques against exploit mitigation technologies (DEP/ASLR).
Techniques to bypass sandbox and policy control.
Techniques to defeat behavior-based protection, such as host IPS.