25C3 - 1.4.2.3
25th Chaos Communication Congress
Nothing to hide
Referenten | |
---|---|
fukami | |
BeF |
Programm | |
---|---|
Tag | Day 3 (2008-12-29) |
Raum | Saal 3 |
Beginn | 18:30 |
Dauer | 01:00 |
Info | |
ID | 2596 |
Veranstaltungstyp | lecture |
Track | Hacking |
Sprache der Veranstaltung | en |
Feedback | |
---|---|
Haben Sie diese Veranstaltung besucht? Feedback abgeben |
SWF and the Malware Tragedy
Hide and Seek in A. Flash
This talk rounds up possible web-based attacks using Flash with a particular focus on obfuscation, de-obfuscation and the generic detection of malicious SWF.
While there are some tools out there to analyze AS2 and AS3 based SWF, using various techniques, analysis of SWF can become a nightmare. Starting with a closer look at recent Flash based attacks, this talk will explore ways to recognise these attacks in advance on the one hand, and means to make it even more difficult to prevent them on the other hand. On the way, we will see why and how attackers obfuscate ActionScript code and what methods will probably be used in the future to make detection of malicious payloads much harder.