Weaponised PDFs

BCS (University of Bedfordshire Student Chapter), The CST School

DateThursday 29 Nov 2018
Time

18:30-20:30

Location

Room A004, University of Bedfordshire, University Square, Luton, LU1 3JU

SpeakerGeraint Williams, Chief Information Security Officer, GRC International Group
Abstract

The emotive title is a deliberate attention grabber, this talk is around the problem that we all face at work, home and study. Attackers sending malicious documents designed to infect our machines. The focus of this talk is about how the ubiquitous PDF format has been highjacked and turned into a weapon that can defeat AV and turn our machines into zombies controlled by evil nefarious masterminds hiding in cyberspace.

The objective of this talk is to educate the curious amongst us as to how the PDF file can be used as a weapon, how that use can be detected and how to protect against a malicious PDF. For the penetration tester this talk will show you how important it is to understand file formats and capabilities if you want to conduct advanced testing like social engineering in a no holds barred engagement where employees are fair game. For those doing forensics it will show how reverse engineering and knowledge of file formats can help detect how an attacker got into a network as part of incident response, and how forensic investigations can be an interesting growth career, especially with GDPR requiring breech investigation.

Profile

Photo I have previously taught Information Security, Ethical Hacking and Digital forensics at the University of Bedfordshire and since then have been a Payment Card Industry Qualified Security Assessor and consultant and have worked with breached companies along with household names to ensure they meet the minimum security requirement to protect cardholder data.. I have also worked as an Ethical Hacker and Information security consultant but now the Chief Information Security Officer for GRC International Group.

I am passionate about continued learning and being an evangelist for information security. My interests include electronics as well as computing and been know to turn Arduino and Raspberry Pi’s into hacking tools.

Agenda
18:00 Registration, refreshments and networking
18:30 Weaponised PDFs
20:00 Opportunity to question the speaker
20:30 Opportunity to network and talk to the speaker
Downloads

Weaponised PDF

Share on Facebook
<< >>

BBC News - Technology