Reverse Engineering over Acrobat Reader using Immunity Debugger (RECON)

This is the video of the talk titled "RE over Adobe Acrobat Reader using Immunity Debugger" given by Pablo Sole at Recon 2008.

Talk Description: Nowadays, security research and vulnerability assessment is becoming more specific and attacks tends to be application-focused. Blind scanning using generic fuzzers and automated generic tools don't have a significant level of success anymore. Vendors tend to use more and more those tools as testbeds on each release. It's necessary to build specialized programs that interact directly with the debugger and modify their behavior according to deep information about protocols and different program state. With this task in mind we created Immunity Debugger, a free distributed debugger, fully script-able that joins the power of a fast and practical GUI, with the robustness and programmatic properties of Python. The presentation will cover how to use Immunity Debugger to achieve this objective, diving deeply in the Adobe Acrobat Reader internals and its Javascript engine as a case-study. Unleashed information on how to find the methods implemented by each JS object and decode each method's arguments. With all these information together, the talk will guide the audience in the elaboration of a custom fuzzer combining SPIKE and the JS information to achieve the maximum goal, finding bugs.

A high resolution video of the talk is available here. The presentation slides can be viewed here.

 

RECON is a computer security conference being held in Montreal. The conference offers a single track of presentations over the span of three days. RECON also offers a variety of technical training courses that take place just before the conference dates. Please contact them at gus [-at-] recon [-dot-] cx