A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Dynamic Analysis of Flash Files - Jacob Thompson Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Dynamic Analysis of Flash Files
Jacob Thompson
Derbycon 2015

Adobe Flash can be a roadblock and source of frustration for web application penetration testers. Implementation details in the Flash debugger make it difficult to debug the ActionScript code within a release-build SWF file. In this talk, I give a general overview of the process of debugging ActionScript in Flash and AIR SWF files. I then introduce a tool I have written to inject synthetic file and line-number information into release SWF files, converting them into debuggable ones and allowing them to be dynamically analyzed using standard tools.

Jacob Thompson is a Senior Security Analyst for Independent Security Evaluators, where he specializes in high-end, custom security assessments of computer hardware and software products. With 10+ years' experience, a propensity toward hands-on security assessment, and proficiencies in reverse engineering, DRM systems, cryptography, system and application security, and secure system design. Through his 3 years' work with ISE, Mr. Thompson has partaken in multiple major vulnerabilities and assessments, customer visits, and progress presentations. He has presented his research at DEFCON 21, BSides DC 2013 & 2014, DERBYCON 4.0, and ToorCon 2014.

Back to Derbycon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast