SlideShare a Scribd company logo

Hacker guide to adobe flash security

Lior Bruder
Lior Bruder

f you're an Adobe Flash or Flex Developer, looking to build secured and hard to break solutions - this WebiTalk is a must! App developers, game developers, website developers - Don't miss on the opportunity to learn how to build secured Flash & Flex applications and deliver a secured experience for your customers

Technology
1 of 29
Hacker guide to Adobe Flash Security The open doors and the right locks Lecturer: LiorBruder lior@11sheep.com
What’s on the menu Security introduction Flash VM Network security Memory protection Attack servers
Attacker experience Beginner ,[object Object]
Using ready made tools
Can make a lot of damage but…
Can be easily tracked,[object Object]
Basic knowledge of OS and network
Search and share information (blogs, forums, etc.),[object Object]
Strong knowledge of IT systems, OS, AI, PBX, network, legal issues
Wide range of resources (Servers, Sniffers, etc.)
Hard to detect,[object Object]
Hacking types Listening on the network (Cloud) Hacker Server User
Flash VM (1)
Flash VM (2)
SWF file structure Every SWF file is open source
Demonstrations Decompiling SWF file Obfuscating SWF file
So, how to secure you SWF? Put logic on server Code obfuscation Do not hardcode
Network layers
Packet sniffing ,[object Object]
Charles (Layers 6-7)
Fiddler (Layers 6-7)
WireShark (Layers 2-7),[object Object]
So, How to protect your data? Use binarry data instead of text /XML Hash your data (MD5, Sha1) Use sessions Use secure channel (SSL/RTMPE) Time changing password Use common logic
Secured loading Step 4 - Decrypt SWF data and load SWF (SWFLoader) Step 1 - Download only frame application Step 3 - Download main app Client Server Step 2 - Open encrypted channel (SSL)
Memory protection You don’t know where your SWF will be used There are many memory viewers (like Cheat engine http://www.cheatengine.org/ )
Demonstrations Changing data on SWF file
So, how to protect memory? Scramble important data (Random) Use checksum on data Don’t count on garbage collection
Why use attack server? Cause DOS Damage remote site database Multiple registrations Login to accounts Many more
Passwords protection Encourage the user to use complex password Don’t use trivial combinations Hash the password (MD5) IPtoLocation filter Use smart captcha

Recommended

ISDD Security Precautions
ISDD Security PrecautionsISDD Security Precautions
ISDD Security PrecautionsForrester High School
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
ISDD - Security Risks
ISDD - Security RisksISDD - Security Risks
ISDD - Security RisksForrester High School
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Moodle security
Moodle securityMoodle security
Moodle securityDilum Bandara
 
Password based cryptography
Password based cryptographyPassword based cryptography
Password based cryptographyIshraq Al Fataftah
 
File security system
File security systemFile security system
File security systemÁŠHÍŸÂ ŹÂBÊÊÑ
 

Recommended

ISDD Security Precautions
ISDD Security PrecautionsISDD Security Precautions
ISDD Security PrecautionsForrester High School
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
ISDD - Security Risks
ISDD - Security RisksISDD - Security Risks
ISDD - Security RisksForrester High School
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Moodle security
Moodle securityMoodle security
Moodle securityDilum Bandara
 
Password based cryptography
Password based cryptographyPassword based cryptography
Password based cryptographyIshraq Al Fataftah
 
File security system
File security systemFile security system
File security systemÁŠHÍŸÂ ŹÂBÊÊÑ
 
Tip sheet
Tip sheet Tip sheet
Tip sheet- Mark - Fullbright
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingPallavi Sonone
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingHajer alriyami
 
A day that will be remembered
A day that will be rememberedA day that will be remembered
A day that will be rememberedwolverine0614
 
Network Security
Network SecurityNetwork Security
Network SecurityEnglish TVTC
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure ! trendy updates
 
Computer security
Computer securityComputer security
Computer securityKawsar Ahmed
 
Soham web security
Soham web securitySoham web security
Soham web securitySoham Sengupta
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3gpioa
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Antony Rappai
 
Razif Ben Syena 7a Creation
Razif Ben Syena 7a CreationRazif Ben Syena 7a Creation
Razif Ben Syena 7a Creationguest3e10043
 
20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldnteoli2003
 
Password Attack
Password AttackPassword Attack
Password AttackAliaqa Hosainy
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Satyendra Arora
 
Encrip 2.0
Encrip 2.0Encrip 2.0
Encrip 2.0SHAMSU MUSA ABDULRASHEED
 
How does Ransomware Works?
How does Ransomware Works? How does Ransomware Works?
How does Ransomware Works? Mathieu Ferland
 
Windows network security
Windows network securityWindows network security
Windows network securityInformation Technology
 
Hack the hack
Hack the hackHack the hack
Hack the hackShakti Ranjan
 

More Related Content

What's hot

A day that will be remembered
A day that will be rememberedA day that will be remembered
A day that will be rememberedwolverine0614
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure ! trendy updates
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3gpioa
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Antony Rappai
 
Razif Ben Syena 7a Creation
Razif Ben Syena 7a CreationRazif Ben Syena 7a Creation
Razif Ben Syena 7a Creationguest3e10043
 
20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldnteoli2003
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Satyendra Arora
 
How does Ransomware Works?
How does Ransomware Works? How does Ransomware Works?
How does Ransomware Works? Mathieu Ferland
 

What's hot (20)

Tip sheet
Tip sheet Tip sheet
Tip sheet
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
A day that will be remembered
A day that will be rememberedA day that will be remembered
A day that will be remembered
 
Network Security
Network SecurityNetwork Security
Network Security
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure !
 
Computer security
Computer securityComputer security
Computer security
 
Soham web security
Soham web securitySoham web security
Soham web security
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students
 
Razif Ben Syena 7a Creation
Razif Ben Syena 7a CreationRazif Ben Syena 7a Creation
Razif Ben Syena 7a Creation
 
20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn
 
Password Attack
Password AttackPassword Attack
Password Attack
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)
 
Encrip 2.0
Encrip 2.0Encrip 2.0
Encrip 2.0
 
How does Ransomware Works?
How does Ransomware Works? How does Ransomware Works?
How does Ransomware Works?
 

Similar to Hacker guide to adobe flash security

Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Securitydrkelleher
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Miigaa Mine
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptSadiaMuqaddas
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network SecurityAsif Raza
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptROHITCHHOKER3
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hackerbestip
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)Wail Hassan
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsAll Things Open
 

Similar to Hacker guide to adobe flash security (20)

Windows network security
Windows network securityWindows network security
Windows network security
 
Hack the hack
Hack the hackHack the hack
Hack the hack
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Security
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
cyber sec.ppt
cyber sec.pptcyber sec.ppt
cyber sec.ppt
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hacker
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hacking
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source Applications
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Hacker guide to adobe flash security

  • 1. Hacker guide to Adobe Flash Security The open doors and the right locks Lecturer: LiorBruder lior@11sheep.com
  • 2. What’s on the menu Security introduction Flash VM Network security Memory protection Attack servers
  • 3.
  • 4. Using ready made tools
  • 5. Can make a lot of damage but…
  • 6.
  • 7. Basic knowledge of OS and network
  • 8.
  • 9. Strong knowledge of IT systems, OS, AI, PBX, network, legal issues
  • 10. Wide range of resources (Servers, Sniffers, etc.)
  • 11.
  • 12. Hacking types Listening on the network (Cloud) Hacker Server User
  • 15. SWF file structure Every SWF file is open source
  • 16. Demonstrations Decompiling SWF file Obfuscating SWF file
  • 17. So, how to secure you SWF? Put logic on server Code obfuscation Do not hardcode
  • 19.
  • 22.
  • 23. So, How to protect your data? Use binarry data instead of text /XML Hash your data (MD5, Sha1) Use sessions Use secure channel (SSL/RTMPE) Time changing password Use common logic
  • 24. Secured loading Step 4 - Decrypt SWF data and load SWF (SWFLoader) Step 1 - Download only frame application Step 3 - Download main app Client Server Step 2 - Open encrypted channel (SSL)
  • 25. Memory protection You don’t know where your SWF will be used There are many memory viewers (like Cheat engine http://www.cheatengine.org/ )
  • 27. So, how to protect memory? Scramble important data (Random) Use checksum on data Don’t count on garbage collection
  • 28. Why use attack server? Cause DOS Damage remote site database Multiple registrations Login to accounts Many more
  • 29. Passwords protection Encourage the user to use complex password Don’t use trivial combinations Hash the password (MD5) IPtoLocation filter Use smart captcha
  • 30. Passwords (1) Encourage the user to use complex password
  • 31. Passwords (2) Block trivial combinations You details: Name: Liorbruder Birthdate: 16/7/1983 Id number: 033099124 Common passwords: Liorbruder Lior1 Lior16071983 Bruderlior Brudergmail 033099124
  • 32. Passwords (3) Hash the password (MD5)
  • 33. Passwords (3) Trivial passwords will be easy to detect PasswordHash lior1 - e9d9dc5987d3fd2369e10ed0a8c32d8a good - 7faae226566c91d06a0d741e0c9d3ae6 bruder - e9d9dc5987d3fd2369e10ed0a8c32d8a test - 098f6bcd4621d373cade4e832627b4f6
  • 34. Passwords (4) How to steal captcha On your site Somewhere on the internet… Welcome to my site Do you want to see the next picture? User name: Password: For security please retype the following characters:
  • 35.