Neat, New, and Ridiculous Flash Hacks presented at BlackHatDC 2010

by Mike "mckt" Bailey,


Summary : Flash is scary stuff. It's installed on just about everybody's web browser, used everywhere, and has a poor security track record. Even within the web application security community, its quirks are poorly understood. Known and intentional behavior can have serious consequences which merit exploration.
This talk is a discussion of new flash-based attacks, repurposing of old attacks, and demonstrations of working (and sometimes ridiculously complex) attacks on Gmail, Twitter, and other major websites.