The Irrelevance of K-Bytes Detection - Building a Robust Pipeline for Malicious Documents


Security teams must address the countless vulnerabilities in popular document formats like PDFs, Office files and legacy textual formats. This session will cover best practices for building a document analysis pipeline, including the pros and cons of true type detection, sandboxing, signatures, dynamic/static content inspection, isolation, and content disarming and reconstruction. We will also cover the attacker's view and the different evasion techniques used by malicious payloads going through a carefully designed document analysis pipeline.

by Dan Amiga and Dor Knafo

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-17/brie...



Reviewed by Anonymous on January 19, 2018. Rating: 5