The Irrelevance of K-Bytes Detection - Building a Robust Pipeline for Malicious Documents
Security teams must address the countless vulnerabilities in popular document formats such as PDFs, Office files and legacy text formats. This session covers best practices for building a document analysis pipeline, including the pros and cons of true file-type detection, sandboxing, signatures, dynamic and static content inspection, isolation, and content disarm and reconstruction (CDR). It also presents the attacker's view: the evasion techniques that malicious payloads use to pass through a carefully designed document analysis pipeline.
by Dan Amiga and Dor Knafo
Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-17/brie...
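As an added illustration of the title's point (example code, not material from the talk or its authors): a naive "K-bytes" check that consults only the first few bytes of a file, beside a whole-file signature scan that a pipeline can use as a triage signal. The signatures are the standard public container magics; the sample inputs are constructed.

```python
# Added example, not the talk's code: head-only "K-bytes" type detection versus a
# whole-file signature scan, used as a triage signal in a document pipeline.
from __future__ import annotations

# Well-known container magics (standard values, not taken from the talk).
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc/.xls/.ppt
    b"PK\x03\x04": "zip",                          # OOXML (.docx/.xlsx) is a zip
    b"{\\rtf": "rtf",
}


def detect_head(data: bytes, k: int = 8) -> str | None:
    """Naive K-bytes detection: only the first k bytes are consulted."""
    head = data[:k]
    for magic, fmt in SIGNATURES.items():
        if head.startswith(magic):
            return fmt
    return None


def scan_signatures(data: bytes) -> list[tuple[int, str]]:
    """Whole-file scan: every (offset, format) at which a known magic occurs."""
    hits: list[tuple[int, str]] = []
    for magic, fmt in SIGNATURES.items():
        start = 0
        while (idx := data.find(magic, start)) != -1:
            hits.append((idx, fmt))
            start = idx + 1
    return sorted(hits)


def classify(data: bytes, declared: str, k: int = 8) -> dict:
    """Triage verdict: flag a file when the declared type disagrees with the
    leading bytes, when signatures sit only past the first k bytes, or when more
    than one container format is present. An OOXML with an embedded PDF is
    legitimate and a polyglot is not; either way the file deserves deeper
    inspection rather than a fast-path pass, so this is a signal, not a verdict."""
    head = detect_head(data, k)
    hits = scan_signatures(data)
    formats = {fmt for _, fmt in hits}
    reasons = []
    if head != declared:
        reasons.append("declared type does not match leading bytes")
    if head is None and hits:
        reasons.append("signature found only past the first %d bytes" % k)
    if len(formats) > 1:
        reasons.append("multiple container signatures: " + ", ".join(sorted(formats)))
    return {"head": head, "hits": hits, "reasons": reasons, "suspicious": bool(reasons)}
```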