Improving Flash Exploits Analysis presented at HackLu 2015

by Tillmann Werner

Summary: There have been eight different zero-day vulnerabilities in Adobe Flash Player in 2015 so far, and analysts are struggling to get a handle on the problem. Malicious Flash poses some special challenges for them when trying to answer, for example, whether a particular object is malicious, whether it contains an exploit for a known vulnerability, or whether variants of it have been observed before. Naturally, the answer is in the code. In this talk we will discuss ways of making the relevant information available and using it to write signatures that allow us to identify and classify variants of known exploits as well as understand unknown ones faster. Together with this presentation we will release swffile.py, a Python class to be used in custom analysis tools that provides an interface for SWF file parsing.