RTF Abuse: Exploitation, Evasion and Counter Measures

Tech 2 (718B) October 19, 2016 1:25 pm - 2:25 pm Feedback     

Bookmark and Share

Devon Greene

If you knew how many ways you could obfuscate and deliver payloads with RTF documents, you would have thought it was a file format Microsoft secretively purchased from Adobe. Kidding aside, 2016 has peeked my interest in the RTF specification and you should learn why.  This talk walks through research experiences and examples that take advantage of the RTF specification and address these three areas: exploitation, evasion and counter measures.

Audience members can expect to gain a technical understanding of the following:

  • How this file format type can be leveraged in attacks
  • Different ways RTF documents can be obfuscated to bypass security technologies
  • Counter measures that will help keep you alert when this is occurring