Abusing RTF: Evasion, Exploitation and Counter Measures

DerbyCon 6.0 - Recharge

Presented by: Devon Greene
Date: Friday September 23, 2016
Time: 12:30 - 12:55
Location: Pimlico
Track: Stable Talks

If you knew how many ways you could obfuscate and deliver payloads with RTF documents, you would have thought it was a file format Microsoft secretively purchased from Adobe. 2016 has piqued my interest in the RTF specification; come learn why. This talk walks through examples that abuse the RTF specification and addresses these 3 key areas with RTF documents: Exploitation, Evasion and Exfiltration.

Audience members will gain a technical understanding of: How this file format type is being leveraged in attacks today; Many ways RTF documents can be obfuscated to bypass security technologies; Exfiltrate data in plain sight.

So come check it out! I’ve got evasions so effective -- it’ll make you wanna slap yo’ mama!

Devon Greene

Devon Greene is currently a Sr. Security Researcher at IXIA. Previously he has served as a 1-man SOC team in various financial institutions and possesses an extensive background in Penetration Testing, Incident Response, and Malware Analysis. Devon has a passion for CTFs, automation, technology, tool development, and outdoor life.

