Comparison of PDF Threat Detection Methods
Author: Mikhail Smirnov
One of the methods used today to infect electronic devices is the exploitation of vulnerabilities in office applications, web browsers, Java, etc. Such methods are usually used to conduct cyber-attacks against production enterprises. Signature techniques help to detect such threats and protect systems from them, but only during the second wave of an attack: the threat comes first, and the signature and detection appear afterwards.
The author analyzes the results of detecting various well-known PDF vulnerabilities, both in the PDF file as a whole and in the specific objects related to the vulnerabilities; compares how the vulnerabilities behave in different versions of Adobe Reader; compares well-known utilities used to search for vulnerabilities in PDF files (jsunpack, peepdf); and describes the results of experiments with dynamic instrumentation utilities (pintools, DynamoRIO) and the conditions for using such utilities.
Mikhail Smirnov graduated from the National Research Nuclear University MEPhI. He is now a postgraduate student. He worked as a research engineer for RU-CERT.