Training Teaser: Token Hijacking via PDF File – Video Tutorial

René Pfeiffer/ June 15, 2023/ Conference, Training

The picture shows a drawn virus sitting on a paper on a desktop. It serves to illustrate viruses embedded in office documents. The image was created by the Midjourney image generator.Portable documents are nice. It’s always an advantage to read and process documents on different platforms. The Portable Document Format (PDF) is a common format. Unfortunately, PDF can be abused to attack you.

PDF files are everywhere and these files can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it?

In a free video, Dawid Czagan (DeepSec instructor) will show you step by step how this attack works and how you can check if your web application is vulnerable to this attack. Dawid has prepared a free video for you. Have a look and consider joining Dawid Czagan’s training Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access (14-15 November, DeepSec 2023).

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.