25C3 -

25th Chaos Communication Congress
Nothing to hide

Tag Day 3 (2008-12-29)
Raum Saal 3
Beginn 18:30
Dauer 01:00
ID 2596
Veranstaltungstyp lecture
Track Hacking
Sprache der Veranstaltung en

SWF and the Malware Tragedy

Hide and Seek in A. Flash

This talk rounds up possible web-based attacks using Flash with a particular focus on obfuscation, de-obfuscation and the generic detection of malicious SWF.

While there are some tools out there to analyze AS2 and AS3 based SWF, using various techniques, analysis of SWF can become a nightmare. Starting with a closer look at recent Flash based attacks, this talk will explore ways to recognise these attacks in advance on the one hand, and means to make it even more difficult to prevent them on the other hand. On the way, we will see why and how attackers obfuscate ActionScript code and what methods will probably be used in the future to make detection of malicious payloads much harder.

Archived page - Impressum/Datenschutz