BSidesLuxembourg 2026

Weaponizing PDF Files: Advanced Exploitation Techniques for Red Teams
2026-05-08 , C1.05.12: Workshops and Stage (lift to level 5 room #12)

This is a hands-on presentation that will guide you through the world of PDF exploitation, showcasing how this ubiquitous document format can serve as a vessel for malicious JavaScript malware. Dive into real-world vulnerabilities that have been leveraged to execute harmful code directly through PDF files, posing major threats in today's cybersecurity landscape.

Key exploit techniques explored will include:

- Data Exfiltration Tactics: Discover methods for covertly extracting sensitive data, such as email addresses and system information, from unsuspecting users.
- Embedding Malware in PDFs: Learn how adversaries embed malicious scripts within PDF files, tricking users into triggering exploits in Adobe Reader through typical file interactions.

We'll dissect techniques including shellcode injection, buffer overflow attacks, Adobe Reader exploitation, and memory manipulation, each engineered to deliver and execute malware efficiently.

This session is ideal for offensive security professionals, penetration testers, and threat emulation experts seeking to elevate their understanding of PDF-based threats and enhance their testing skills. Uncover how these sophisticated attacks work and walk away with actionable strategies to counter them.

More information about the presentation can be found in this article: https://labs.segura.blog/unmasking-the-threat-a-deep-dive-into-the-pdf-malicious-2/


Outline
1. Introduction
- Welcome & Objectives
- Importance of PDF Security in Today’s Threat Landscape
- Overview of Hands-On Approach
2. Anatomy of a PDF File
- PDF File Structure Overview
- Common Features Abused by Attackers
- JavaScript Capabilities Within PDFs
3. Real-World Vulnerabilities
- Demo: Analyzing a Malicious PDF Sample
4. Key Exploit Techniques
- Heap Spray Attacks
  - Concept and Mechanism
  - Demo: Shellcode Injection via Heap Spray
- Data Exfiltration Tactics
  - Covert Data Extraction Methods
  - Demo: Harvesting User Data from PDF Interaction
- Embedding Malware in PDFs
  - Techniques for Payload Embedding
  - Demo: Triggering Exploits Through User Actions
5. Advanced Attack Vectors
- Shellcode Injection & Buffer Overflows
- Memory Manipulation in Adobe Reader
- Demo: Exploiting Adobe Reader Vulnerabilities
6. Hands-On Exercise
- Guided Lab: Analyzing and Crafting Malicious PDFs
- Indicators of Compromise (IoCs)
- Safe Testing Practices

I’ve been working as Head of Technical Advocacy at SCYTHE, Founder & Investor at Cross Intelligence, BSides Porto Organizer, Red Team Village Director (DEF CON), Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others. I’ve served as University Professor in Master Degree in Portugal, Graduation and MBA courses at Brazilian colleges. In addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
