Explore advanced techniques for reverse engineering Flash exploits in this 47-minute Black Hat conference talk. Delve into the intricacies of Adobe Flash Player's memory layout and behavior, gaining valuable insights into exploit and mitigation methods. Learn fine-grained debugging tactics to observe and interpret memory exploit techniques effectively. Discover how to quickly understand new exploit techniques targeting current vulnerabilities, aiding defenders in prioritizing mitigation efforts and code fixes. Examine the challenges of reverse engineering Flash exploits, including multi-layer obfuscation and non-decompilable code. Gain practical knowledge on overcoming the lack of tools for static and dynamic analysis of highly obfuscated ActionScript and AVM bytecode. Master tactics and debugging techniques for reverse engineering exploits, combining existing toolsets in innovative ways. Analyze detailed exploit code reverse engineering examples to understand the current and past status of the attack and mitigation landscape. Investigate advanced concepts such as Vector corruption, ByteArray corruption, and JIT manipulation techniques, exploring how exploits utilize these methods and how vendors defend against them.
Overview
Syllabus
The Art of Reverse Engineering Flash Exploits
Taught by
Black Hat