SlideShare a Scribd company logo

Hacker guide to adobe flash security

Lior Bruder
Lior Bruder

f you're an Adobe Flash or Flex Developer, looking to build secured and hard to break solutions - this WebiTalk is a must! App developers, game developers, website developers - Don't miss on the opportunity to learn how to build secured Flash & Flex applications and deliver a secured experience for your customers

Technology
1 of 29
Hacker guide to Adobe Flash Security The open doors and the right locks Lecturer: LiorBruder lior@11sheep.com
What’s on the menu Security introduction Flash VM Network security Memory protection Attack servers
Attacker experience Beginner ,[object Object]
Using ready made tools
Can make a lot of damage but…
Can be easily tracked,[object Object]
Basic knowledge of OS and network
Search and share information (blogs, forums, etc.),[object Object]
Strong knowledge of IT systems, OS, AI, PBX, network, legal issues
Wide range of resources (Servers, Sniffers, etc.)
Hard to detect,[object Object]
Hacking types Listening on the network (Cloud) Hacker Server User
Flash VM (1)
Flash VM (2)
SWF file structure Every SWF file is open source
Demonstrations Decompiling SWF file Obfuscating SWF file
So, how to secure you SWF? Put logic on server Code obfuscation Do not hardcode
Network layers
Packet sniffing ,[object Object]
Charles (Layers 6-7)
Fiddler (Layers 6-7)
WireShark (Layers 2-7),[object Object]
So, How to protect your data? Use binarry data instead of text /XML Hash your data (MD5, Sha1) Use sessions Use secure channel (SSL/RTMPE) Time changing password Use common logic
Secured loading Step 4 - Decrypt SWF data and load SWF (SWFLoader) Step 1 - Download only frame application Step 3 - Download main app Client Server Step 2 - Open encrypted channel (SSL)
Memory protection You don’t know where your SWF will be used There are many memory viewers (like Cheat engine http://www.cheatengine.org/ )
Demonstrations Changing data on SWF file
So, how to protect memory? Scramble important data (Random) Use checksum on data Don’t count on garbage collection
Why use attack server? Cause DOS Damage remote site database Multiple registrations Login to accounts Many more
Passwords protection Encourage the user to use complex password Don’t use trivial combinations Hash the password (MD5) IPtoLocation filter Use smart captcha

Recommended

ISDD Security Precautions
ISDD Security PrecautionsISDD Security Precautions
ISDD Security PrecautionsForrester High School
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
ISDD - Security Risks
ISDD - Security RisksISDD - Security Risks
ISDD - Security RisksForrester High School
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Moodle security
Moodle securityMoodle security
Moodle securityDilum Bandara
 
Password based cryptography
Password based cryptographyPassword based cryptography
Password based cryptographyIshraq Al Fataftah
 
File security system
File security systemFile security system
File security systemÁŠHÍŸÂ ŹÂBÊÊÑ
 

Recommended

ISDD Security Precautions
ISDD Security PrecautionsISDD Security Precautions
ISDD Security PrecautionsForrester High School
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
ISDD - Security Risks
ISDD - Security RisksISDD - Security Risks
ISDD - Security RisksForrester High School
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Moodle security
Moodle securityMoodle security
Moodle securityDilum Bandara
 
Password based cryptography
Password based cryptographyPassword based cryptography
Password based cryptographyIshraq Al Fataftah
 
File security system
File security systemFile security system
File security systemÁŠHÍŸÂ ŹÂBÊÊÑ
 
Tip sheet
Tip sheet Tip sheet
Tip sheet- Mark - Fullbright
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingPallavi Sonone
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingHajer alriyami
 
A day that will be remembered
A day that will be rememberedA day that will be remembered
A day that will be rememberedwolverine0614
 
Network Security
Network SecurityNetwork Security
Network SecurityEnglish TVTC
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure ! trendy updates
 
Computer security
Computer securityComputer security
Computer securityKawsar Ahmed
 
Soham web security
Soham web securitySoham web security
Soham web securitySoham Sengupta
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3gpioa
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Antony Rappai
 
Razif Ben Syena 7a Creation
Razif Ben Syena 7a CreationRazif Ben Syena 7a Creation
Razif Ben Syena 7a Creationguest3e10043
 
20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldnteoli2003
 
Password Attack
Password AttackPassword Attack
Password AttackAliaqa Hosainy
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Satyendra Arora
 
Encrip 2.0
Encrip 2.0Encrip 2.0
Encrip 2.0SHAMSU MUSA ABDULRASHEED
 
How does Ransomware Works?
How does Ransomware Works? How does Ransomware Works?
How does Ransomware Works? Mathieu Ferland
 
Windows network security
Windows network securityWindows network security
Windows network securityInformation Technology
 
Hack the hack
Hack the hackHack the hack
Hack the hackShakti Ranjan
 

More Related Content

What's hot

A day that will be remembered
A day that will be rememberedA day that will be remembered
A day that will be rememberedwolverine0614
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure ! trendy updates
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3gpioa
 
Password hacking
Password hackingPassword hacking
Password hackingAbhay pal
 
Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Antony Rappai
 
Razif Ben Syena 7a Creation
Razif Ben Syena 7a CreationRazif Ben Syena 7a Creation
Razif Ben Syena 7a Creationguest3e10043
 
20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldnteoli2003
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Satyendra Arora
 
How does Ransomware Works?
How does Ransomware Works? How does Ransomware Works?
How does Ransomware Works? Mathieu Ferland
 

What's hot (20)

Tip sheet
Tip sheet Tip sheet
Tip sheet
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
A day that will be remembered
A day that will be rememberedA day that will be remembered
A day that will be remembered
 
Network Security
Network SecurityNetwork Security
Network Security
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure !
 
Computer security
Computer securityComputer security
Computer security
 
Soham web security
Soham web securitySoham web security
Soham web security
 
Crontab Cyber Security session 3
Crontab Cyber Security session 3Crontab Cyber Security session 3
Crontab Cyber Security session 3
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students Internet Security Guidelines for Teachers and Students
Internet Security Guidelines for Teachers and Students
 
Razif Ben Syena 7a Creation
Razif Ben Syena 7a CreationRazif Ben Syena 7a Creation
Razif Ben Syena 7a Creation
 
20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn20120512 persona mdn_hackday_ldn
20120512 persona mdn_hackday_ldn
 
Password Attack
Password AttackPassword Attack
Password Attack
 
Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)Safe computing (Tips & Tricks)
Safe computing (Tips & Tricks)
 
Encrip 2.0
Encrip 2.0Encrip 2.0
Encrip 2.0
 
How does Ransomware Works?
How does Ransomware Works? How does Ransomware Works?
How does Ransomware Works?
 

Similar to Hacker guide to adobe flash security

Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Securitydrkelleher
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Miigaa Mine
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptSadiaMuqaddas
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network SecurityAsif Raza
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptROHITCHHOKER3
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hackerbestip
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)Wail Hassan
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsAll Things Open
 

Similar to Hacker guide to adobe flash security (20)

Windows network security
Windows network securityWindows network security
Windows network security
 
Hack the hack
Hack the hackHack the hack
Hack the hack
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Security
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
cyber sec.ppt
cyber sec.pptcyber sec.ppt
cyber sec.ppt
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hacker
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hacking
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source Applications
 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

Hacker guide to adobe flash security

  • 1. Hacker guide to Adobe Flash Security The open doors and the right locks Lecturer: LiorBruder lior@11sheep.com
  • 2. What’s on the menu Security introduction Flash VM Network security Memory protection Attack servers
  • 3.
  • 4. Using ready made tools
  • 5. Can make a lot of damage but…
  • 6.
  • 7. Basic knowledge of OS and network
  • 8.
  • 9. Strong knowledge of IT systems, OS, AI, PBX, network, legal issues
  • 10. Wide range of resources (Servers, Sniffers, etc.)
  • 11.
  • 12. Hacking types Listening on the network (Cloud) Hacker Server User
  • 15. SWF file structure Every SWF file is open source
  • 16. Demonstrations Decompiling SWF file Obfuscating SWF file
  • 17. So, how to secure you SWF? Put logic on server Code obfuscation Do not hardcode
  • 19.
  • 22.
  • 23. So, How to protect your data? Use binarry data instead of text /XML Hash your data (MD5, Sha1) Use sessions Use secure channel (SSL/RTMPE) Time changing password Use common logic
  • 24. Secured loading Step 4 - Decrypt SWF data and load SWF (SWFLoader) Step 1 - Download only frame application Step 3 - Download main app Client Server Step 2 - Open encrypted channel (SSL)
  • 25. Memory protection You don’t know where your SWF will be used There are many memory viewers (like Cheat engine http://www.cheatengine.org/ )
  • 27. So, how to protect memory? Scramble important data (Random) Use checksum on data Don’t count on garbage collection
  • 28. Why use attack server? Cause DOS Damage remote site database Multiple registrations Login to accounts Many more
  • 29. Passwords protection Encourage the user to use complex password Don’t use trivial combinations Hash the password (MD5) IPtoLocation filter Use smart captcha
  • 30. Passwords (1) Encourage the user to use complex password
  • 31. Passwords (2) Block trivial combinations You details: Name: Liorbruder Birthdate: 16/7/1983 Id number: 033099124 Common passwords: Liorbruder Lior1 Lior16071983 Bruderlior Brudergmail 033099124
  • 32. Passwords (3) Hash the password (MD5)
  • 33. Passwords (3) Trivial passwords will be easy to detect PasswordHash lior1 - e9d9dc5987d3fd2369e10ed0a8c32d8a good - 7faae226566c91d06a0d741e0c9d3ae6 bruder - e9d9dc5987d3fd2369e10ed0a8c32d8a test - 098f6bcd4621d373cade4e832627b4f6
  • 34. Passwords (4) How to steal captcha On your site Somewhere on the internet… Welcome to my site Do you want to see the next picture? User name: Password: For security please retype the following characters:
  • 35.