Abusing RTF - Exploitation, Evasion, and Exfiltration
Offered By: YouTube
Course Description
Overview
Explore advanced techniques for exploiting, evading detection, and exfiltrating data using RTF (Rich Text Format) in this 31-minute conference talk from DerbyCon 2016. Dive into key points for both blue and red teams, examining RTF features, file extension tampering, magic files, and various evasion methods. Learn about real-world examples, bin substitution, control words, and fuzzing techniques using tools like Peach. Discover how to forge images, exploit vulnerabilities, and understand the exploit tree. Gain insights into countermeasures and potential failures, equipping yourself with valuable knowledge for both offensive and defensive cybersecurity strategies.
Syllabus
Introduction
Blue Team Key Points
Red Team Key Points
RTF Features
Why Care
File Extension Tampering
Magic Files
Mixed Case
Evasions
In the wild
What does this mean
Bin substitution
Control words
More examples
How to fuzz
Peach
Demo
Food for thought
Forge Images
Exploitation
Exploit Tree
Countermeasures
Other failures