Session
Cracking the Code: Unveiling Infostealers in PDF Structures
This session examines the internal structure of PDF files, analyzing each segment with a focus on identity threats. We explore how threat actors embed malicious components in the file structure, often leveraging identity-related data for targeted attacks. The session also covers collecting IOCs (Indicators of Compromise) and constructing IOAs (Indicators of Attack) for behavioral analysis, so that defenders can anticipate and thwart novel attack vectors that threaten identity security.
The technical walkthrough covers the anatomy of a PDF file: header, body, cross-reference table, and trailer. Live demonstrations dissect malicious PDFs using tools like pdfid, pdf-parser, and pdftk, providing hands-on insight into the analysis process. The presentation explains encoding techniques and shows how threat actors exploit identity data to establish Command and Control (C&C) channels within PDFs. The session concludes with an opportunity for questions, equipping participants with advanced knowledge for robust malware analysis and proactive defense strategies, especially concerning identity security.

Filipi Pires
Head of Identity Threat Labs and Global Product Advocate
Dallas, Texas, United States