Didier Stevens
Didier Stevens (SANS ISC Senior Handler) is a Senior Analyst working at NVISO. Didier has developed and published more than 100 open-source tools, mostly for malware analysis, several of them popular in the security community. You can find his open-source security tools on his IT-security blog, https://blog.DidierStevens.com.
Session
Maybe you already attended a maldoc analysis workshop from Didier at the Hack.lu conference. Didier has delivered workshops on PDF, Office and RTF document analysis. These workshops were bottom-up: first we learned the fundamentals, then gradually we made our way through ever more complex exercises.
This workshop is the other way around: we go top-down (and we cover PDF, Office and RTF in the same workshop). We don’t start with the fundamentals (they will come later during the exercises when necessary), but we start directly with exercise files that we first have to identify, and then decide how to proceed with the analysis.
We immediately start with real maldoc samples, and you learn how to triage the file and begin the analysis. You will learn which tools to use depending on the type of maldoc, and which analysis strategy to follow. You will also be guided by custom decision trees designed for this workshop, which you can use later on in your professional practice.
And we will also cover some automation to perform batch analysis.