Friday, May 22 • 15:45 - 16:30
PDF - Mess With The Web

In this presentation, Alex Inführ talks about possible attack vectors against web pages using PDFs.
First, the structure of a simple PDF will be presented to give a quick overview of the concept of PDF. Additionally, interesting features in the PDF specification will be discussed.
This includes information about privileged JavaScript, FormCalc, XFA, Actions and more.
Adobe Reader also has some interesting security concepts, which mostly focus on protecting the end user on a system level.

In the second part, Alex Inführ will cover possible attacks against the user. This includes web-related issues as well as attacks against the end user's system.
The attacks show how privileged JavaScript can be used to steal local files from the user. Additionally, possible XXE issues will be covered.
Another big topic is FormCalc and the possibility to read any file on the same origin. This gives attackers the possibility to break CSRF protection completely.

Last but not least, Alex Inführ will talk about which protections could be applied.
This will cover methods for end users as well as for website owners.

Alex Inführ

Alexander Inführ is a master's student from Austria. He is studying information security at the University of Applied Sciences in St. Pölten, Austria. Besides being a student, Alex works for the pentesting firm Cure53 as a pentester. He is especially interested in web-related...

Friday May 22, 2015 15:45 - 16:30
Room E102 Amsterdam RAI
