* [Blog](https://www.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/) * [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/) * Diving Deep Into PDF Expl... # Diving Deep Into PDF Exploit Kits at Black Hat Europe 2014 [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fdiving-deep-pdf-exploit-kits-black-hat-europe-2014%2F) [](https://twitter.com/share?text=Diving+Deep+Into+PDF+Exploit+Kits+at+Black+Hat+Europe+2014&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fdiving-deep-pdf-exploit-kits-black-hat-europe-2014%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fdiving-deep-pdf-exploit-kits-black-hat-europe-2014%2F&title=Diving+Deep+Into+PDF+Exploit+Kits+at+Black+Hat+Europe+2014&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2014/10/diving-deep-pdf-exploit-kits-black-hat-europe-2014/&ts=markdown) \[\](mailto:?subject=Diving Deep Into PDF Exploit Kits at Black Hat Europe 2014) Link copied By [Sebastian Goodwin](https://www.paloaltonetworks.com/blog/author/sebastian-goodwin/?ts=markdown "Posts by Sebastian Goodwin") Oct 17, 2014 3 minutes [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) [Advanced Endpoint Protection](https://www.paloaltonetworks.com/blog/tag/advanced-endpoint-protection/?ts=markdown) [Black Hat Europe](https://www.paloaltonetworks.com/blog/tag/black-hat-europe/?ts=markdown) [Traps](https://www.paloaltonetworks.com/blog/tag/traps/?ts=markdown) While I was at Black Hat Europe 2014 in Amsterdam this week, I sat through a great hands-on workshop called "PDF Attack: A Journey From the Exploit Kit to the Shellcode." In this session, Jose Miguel Esparza demonstrated some of the latest exploit kits and how to analyze and deconstruct them. ### Exploits have become more advanced, targeted, and evasive Jose began the session by describing why these exploits have been so effective in bypassing countermeasures and infecting targeted systems. Advanced targeted exploits leverage multiple evasion techniques including VM detection, country detection, IP address filtering, single-use URLs, AV detection, and many others, all of which makes them highly targeted and difficult to detect. Next, he passed out two USB memory sticks full of malicious PDF samples and exploit kits for us to use in order to follow along with the demonstration. It felt rather ironic to willingly accept a malware infested USB stick -- especially at Black Hat! Some of the audience members wanted nothing to do with it. When it was my turn with the memory stick, I took it as my neighbor looked on in horror. He refused to even touch the thing. After carefully extracting the contents to an isolated environment, my real-time antivirus scanner lit up for a moment, identifying a few of the files as malicious, but it seemed to think most of them were just fine. After watching Jose dissect code in PDF files for an hour or so using neat tools like [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool), my attention turned to the contents of that memory stick. I just couldn't wait to see what kind of damage could be done with those malicious PDFs in my test environment. I opened up the folder and did what end-users do: I double-clicked. ### But wait, the exploits don't work! I want my money back! Well, I'm sure they worked fine for everyone else in the room, but not for me. Immediately upon opening the first PDF file, I was stopped in my tracks. No, it wasn't my antivirus suite (which includes features like access protection, buffer overflow protection, on-access scanner, and many others, by the way). The exploit was prevented by Traps. Traps is our new Advanced Endpoint Protection product and I happened to have it running in my test environment. I proceeded to open the remaining malicious PDFs and each was prevented by one of the Traps prevention modules as my antivirus stood idly by in its customary state of signature-based unawareness. How was Traps able to prevent these exploits, you ask? Traps takes a fundamentally different approach to endpoint protection. Rather than trying to detect signatures or patterns of malicious behavior, Traps focuses on the exploit techniques that are common to all attacks and simply prevents those techniques from being used. To learn more about how it works, check out Traps [here](https://www.paloaltonetworks.com/products/endpoint-security.html). *** ** * ** *** ## Related Blogs ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### Introducing Traps for Android](https://www.paloaltonetworks.com/blog/2018/06/introducing-traps-android/) ### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Traps "Recommended" in NSS Labs Advanced Endpoint Protection Test](https://www.paloaltonetworks.com/blog/2018/04/traps-recommended-nss-labs-advanced-endpoint-protection-test/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### Traps Prevents Ransomware Attacks](https://www.paloaltonetworks.com/blog/2017/11/traps-prevents-ransomware-attacks/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### Traps Prevents Microsoft Office Zero-Day](https://www.paloaltonetworks.com/blog/2017/10/traps-prevents-microsoft-office-zero-day/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### Traps: Expanding Ransomware Protection for Current and Future Threats](https://www.paloaltonetworks.com/blog/2017/09/traps-4-1/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [#### AV-TEST Validated: Traps Can Replace Legacy Antivirus](https://www.paloaltonetworks.com/blog/2017/08/av-test-validated-traps-can-replace-legacy-antivirus/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language