Hacker guide to Adobe Flash security

If you're an Adobe Flash or Flex developer looking to build secured, hard-to-break solutions, this WebiTalk is a must!
App developers, game developers, website developers: don't miss the opportunity to learn how to build secured Flash & Flex applications and deliver a secured experience for your customers.

Published in: Technology
Transcript

  • Hacker guide to Adobe Flash Security
    The open doors and the right locks
    Lecturer: Lior Bruder
    lior@11sheep.com
  • What’s on the menu
    Security introduction
    Flash VM
    Network security
    Memory protection
    Attack servers
  • Attacker experience: Beginner
    • Doesn’t have much system or technical knowledge
    • Uses ready-made tools
    • Can do a lot of damage, but…
    • Can be easily tracked
  • Attacker experience: Advanced
    • Uses and creates scripts
    • Basic knowledge of the OS and the network
    • Searches for and shares information (blogs, forums, etc.)
  • Attacker experience: Expert
    • Good programmer; creates his own specialised tools
    • Strong knowledge of IT systems, OS, AI, PBX, networks, legal issues
    • Wide range of resources (servers, sniffers, etc.)
    • Hard to detect
  • Hacking types
    Man in the middle
    Changing the rules of the game/app
    Breaking into the victim’s computer
    Breaking into the remote server
  • Hacking types
    Listening on the network (cloud)
    (diagram: the user and the server, with the hacker sniffing the traffic between them)
  • Flash VM (1)
  • Flash VM (2)
  • SWF file structure
    Every SWF file is effectively open source: the ActionScript bytecode inside it can be decompiled back into readable code
  • Demonstrations
    Decompiling a SWF file
    Obfuscating a SWF file
  • So, how do you secure your SWF?
    Put the logic on the server
    Code obfuscation
    Do not hardcode secrets
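To make the "every SWF is open source" point concrete, here is an added example (not part of the talk) that walks a SWF file the way a decompiler starts: it reads the 8-byte header, inflates a CWS (zlib-compressed) body, skips the frame RECT, and lists the tags, pulling the script names out of the DoABC tags where the ActionScript 3 bytecode lives. The sample SWF is constructed inline from the tag layout in the SWF specification (FileAttributes, DoABC, ShowFrame, End) and carries a zeroed placeholder ABC blob rather than real compiled code; the stage size, version and frame rate are arbitrary.

```python
import struct
import zlib

# Tag codes from the SWF file format spec that matter when looking for code
TAG_NAMES = {0: "End", 1: "ShowFrame", 9: "SetBackgroundColor", 12: "DoAction",
             59: "DoInitAction", 69: "FileAttributes", 76: "SymbolClass",
             77: "Metadata", 82: "DoABC", 86: "DefineSceneAndFrameLabelData"}


def swf_body(data):
    """Split the 8-byte header off and return (version, declared_length, body).
    CWS bodies are plain zlib: inflating them is the whole 'protection'."""
    sig, version = data[:3], data[3]
    declared_length = struct.unpack("<I", data[4:8])[0]
    body = data[8:]
    if sig == b"CWS":
        body = zlib.decompress(body)
    elif sig == b"ZWS":
        raise NotImplementedError("LZMA (ZWS) bodies are not handled in this example")
    elif sig != b"FWS":
        raise ValueError("not a SWF: bad signature %r" % sig)
    return version, declared_length, body


def parse_tags(body):
    """Walk the tag list that follows the frame RECT, frame rate and frame count."""
    nbits = body[0] >> 3                      # RECT starts with a 5-bit field width
    pos = (5 + 4 * nbits + 7) // 8 + 4        # RECT is byte-padded; then UI16 rate + UI16 count
    tags = []
    while pos + 2 <= len(body):
        hdr = struct.unpack_from("<H", body, pos)[0]
        pos += 2
        code, length = hdr >> 6, hdr & 0x3F
        if length == 0x3F:                    # long form: a UI32 length follows
            length = struct.unpack_from("<I", body, pos)[0]
            pos += 4
        tags.append((code, body[pos:pos + length]))
        pos += length
        if code == 0:                         # End tag
            break
    return tags


def doabc_names(tags):
    """DoABC payload: UI32 flags, NUL-terminated name, then the ABC bytecode."""
    names = []
    for code, payload in tags:
        if code == 82:
            end = payload.index(b"\x00", 4)
            names.append(payload[4:end].decode("utf-8", "replace"))
    return names


def inventory(data):
    version, declared_length, body = swf_body(data)
    tags = parse_tags(body)
    return {
        "version": version,
        "declared_length": declared_length,
        "actual_length": 8 + len(body),
        "tags": [TAG_NAMES.get(code, "tag%d" % code) for code, _ in tags],
        "abc_blocks": doabc_names(tags),
    }


# --- constructed sample: a tiny AS3-flagged SWF, not a real compiled movie ---
def _tag(code, payload=b""):
    if len(payload) < 0x3F:
        return struct.pack("<H", (code << 6) | len(payload)) + payload
    return struct.pack("<HI", (code << 6) | 0x3F, len(payload)) + payload


def build_sample_swf(compress=True):
    rect = bytes.fromhex("7800055F00000FA000")          # Nbits=15; 0..11000 x 0..8000 twips (550x400 px)
    frame_rate, frame_count = b"\x00\x18", b"\x01\x00"  # 24.0 fps (8.8 fixed), 1 frame
    abc = b"\x10\x00\x2e\x00" + b"\x00" * 8             # ABC minor 16 / major 46 header, rest zeroed
    body = rect + frame_rate + frame_count
    body += _tag(69, b"\x08\x00\x00\x00")               # FileAttributes: ActionScript3 flag
    body += _tag(82, struct.pack("<I", 1) + b"frame1\x00" + abc)  # DoABC: lazy-init, script "frame1"
    body += _tag(1) + _tag(0)                           # ShowFrame, End
    length = struct.pack("<I", 8 + len(body))
    if compress:
        return b"CWS" + bytes([10]) + length + zlib.compress(body)
    return b"FWS" + bytes([10]) + length + body


if __name__ == "__main__":
    print(inventory(build_sample_swf(compress=True)))
```

Point this at a real SWF (`inventory(open("app.swf", "rb").read())`) and the DoABC tags it lists are exactly what a decompiler feeds to its ABC disassembler; obfuscation renames the identifiers inside those blocks but does not hide them, so anything that must stay secret belongs on the server, as the slide says.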
  • Network layers
  • Packet sniffing
    • HTTPFox (layers 6-7)
    • Charles (layers 6-7)
    • Fiddler (layers 6-7)
    • Wireshark (layers 2-7)
  • Demonstrations
    HTTPFox (Ynet)
    Fiddler (Pcman)
  • So, how do you protect your data?
    Use binary data instead of text/XML
    Hash your data (MD5, SHA1)
    Use sessions
    Use a secure channel (SSL/RTMPE)
    Time-changing password
    Use common sense
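The "hash your data" and "use sessions" points only work together: a bare MD5 or SHA1 over the message can be recomputed by whoever is sitting in Fiddler editing it, so the hash has to be keyed with a secret that the client received through the session (over SSL) and that is never in the SWF. The following added example (not from the talk) shows that in Python on both sides of the exchange, with a constructed score-submission message: an HMAC over a canonical encoding, a timestamp window and a per-message nonce so captured traffic cannot be replayed, and, for contrast, the unkeyed MD5 variant being fooled. The field names, the 30-second window and the JSON encoding are assumptions for the example.

```python
import hashlib
import hmac
import json
import os
import time

REPLAY_WINDOW = 30   # seconds a signed message stays acceptable (assumed value)


def make_session():
    """Issued by the server at login, over SSL. The key lives in the session only,
    never in the SWF, which anyone can decompile."""
    return {"id": os.urandom(8).hex(), "key": os.urandom(32)}


def canonical(fields):
    # deterministic byte form so client and server MAC exactly the same thing
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(session, fields, now=None):
    """Client side: add session id, timestamp and nonce, then HMAC the whole message."""
    body = dict(fields, sid=session["id"],
                ts=int(time.time() if now is None else now),
                nonce=os.urandom(8).hex())
    mac = hmac.new(session["key"], canonical(body), hashlib.sha256).hexdigest()
    return body, mac


class Server:
    def __init__(self):
        self.keys = {}     # session id -> key
        self.seen = set()  # (session id, nonce) pairs already accepted

    def register(self, session):
        self.keys[session["id"]] = session["key"]

    def verify(self, body, mac, now=None):
        key = self.keys.get(body.get("sid"))
        if key is None:
            return False, "unknown session"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False, "bad mac"          # any edit to the fields breaks the MAC
        now = int(time.time() if now is None else now)
        if abs(now - body["ts"]) > REPLAY_WINDOW:
            return False, "stale"            # an old capture cannot be resent later
        if (body["sid"], body["nonce"]) in self.seen:
            return False, "replay"           # the same capture cannot be resent twice
        self.seen.add((body["sid"], body["nonce"]))
        return True, "ok"


def naive_digest(fields):
    """The unkeyed 'hash your data (MD5)' variant: nothing secret goes in."""
    return hashlib.md5(canonical(fields)).hexdigest()


def naive_verify(fields, digest):
    return hmac.compare_digest(naive_digest(fields), digest)


def demo(now=1_700_000_000):
    server = Server()
    session = make_session()
    server.register(session)
    body, mac = sign(session, {"user": "lior", "score": 1500}, now)   # constructed game message
    out = {"genuine": server.verify(body, mac, now)[1]}
    forged = dict(body, score=999999)                                   # proxy edits the score
    out["tampered"] = server.verify(forged, mac, now)[1]
    out["replayed"] = server.verify(body, mac, now)[1]                  # same capture sent again
    old_body, old_mac = sign(session, {"user": "lior", "score": 1}, now - 600)
    out["stale"] = server.verify(old_body, old_mac, now)[1]
    # with an unkeyed hash the attacker edits the score, recomputes MD5, and is accepted
    forged_plain = {"user": "lior", "score": 999999}
    out["unkeyed_hash_accepts_forgery"] = naive_verify(forged_plain, naive_digest(forged_plain))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-30s %s" % (name, result))
```

The same scheme ports directly to AS3 on the client (an HMAC-SHA256 over the same canonical bytes) and PHP on the server; what matters is that the key never ships in the SWF and that the server, not the client, decides whether a message is fresh.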
  • Secured loading
    Step 1 - Download only the frame (loader) application
    Step 2 - Open an encrypted channel (SSL)
    Step 3 - Download the main app
    Step 4 - Decrypt the SWF data and load the SWF (SWFLoader)
    (diagram: client and server)
  • Memory protection
    You don’t know where your SWF will be used
    There are many memory viewers (like Cheat Engine, http://www.cheatengine.org/)
  • Demonstrations
    Changing data in a running SWF
  • So, how do you protect memory?
    Scramble important data (random mask)
    Use a checksum on the data
    Don’t count on garbage collection
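Secured loading keeps the main SWF off disk in the clear, but the decrypted bytes and the key still end up in the player's memory, which is where a memory viewer such as Cheat Engine works; the three points above are about making that memory less useful. The following added example (not from the talk, and in Python rather than AS3 so it can be run here) implements them for a single game value: the value is stored XORed with a random mask so a scan for the visible number finds nothing, a keyed checksum over mask and stored word catches a direct edit, and the value is overwritten on purpose instead of being left for the garbage collector. The `memory_editor` function is a stand-in for a memory scanner, and the score values are constructed.

```python
import hashlib
import hmac
import os


class PlainInt:
    """How most games keep a score: the value sits in memory as-is."""
    def __init__(self, value):
        self.value = value


class ProtectedInt:
    """Keep the value XORed with a random per-instance mask and guard it with a keyed checksum.
    Scanning memory for the plain value finds nothing, and editing the stored word without
    recomputing the checksum is caught on the next read."""
    _KEY = os.urandom(16)   # per-process secret; generate it at start-up in AS3 as well

    def __init__(self, value):
        self._mask = int.from_bytes(os.urandom(4), "little")
        self.set(value)

    def _checksum(self, stored):
        msg = self._mask.to_bytes(4, "little") + stored.to_bytes(4, "little")
        return hmac.new(self._KEY, msg, hashlib.sha256).digest()[:8]

    def set(self, value):
        self._stored = (value & 0xFFFFFFFF) ^ self._mask
        self._check = self._checksum(self._stored)

    def get(self):
        if not hmac.compare_digest(self._checksum(self._stored), self._check):
            raise ValueError("memory tampering detected")
        return self._stored ^ self._mask

    def wipe(self):
        # "Don't count on garbage collection": overwrite when done with the value.
        # In Python this only drops the references; in AS3 clear the ByteArray you used.
        self._stored = self._mask = 0
        self._check = b""


def memory_editor(obj, old, new):
    """Stand-in for a tool like Cheat Engine: scan the object's fields for `old`, overwrite with `new`."""
    hits = 0
    for name, val in list(vars(obj).items()):
        if val == old:
            setattr(obj, name, new)
            hits += 1
    return hits


def demo():
    out = {}
    plain, protected = PlainInt(1500), ProtectedInt(1500)
    out["plain_hits"] = memory_editor(plain, 1500, 999999)          # found and rewritten silently
    out["plain_after"] = plain.value
    out["protected_hits"] = memory_editor(protected, 1500, 999999)  # the plain value is not in memory
    out["protected_after"] = protected.get()
    protected._stored ^= 1                  # attacker flips a bit of the scrambled word directly
    try:
        protected.get()
        out["tamper_detected"] = False
    except ValueError:
        out["tamper_detected"] = True
    protected.set(42)                       # a legitimate write re-establishes a valid checksum
    out["after_reset"] = protected.get()
    protected.wipe()
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-20s %s" % (name, result))
```

This raises the cost rather than closing the door: an attacker can still locate the scrambled word with changed/unchanged scans or patch the code that calls `get()`, which is why the network slides put the authoritative state on the server.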
  • Why use an attack server?
    Cause a DoS
    Damage the remote site’s database
    Multiple registrations
    Log in to accounts
    Many more
  • Password protection
    Encourage the user to use a complex password
    Don’t allow trivial combinations
    Hash the password (MD5)
    IP-to-location filter
    Use a smart captcha
  • Passwords (1)
    Encourage the user to use a complex password
  • Passwords (2)
    Block trivial combinations
    Your details:
    Name: Lior Bruder
    Birthdate: 16/7/1983
    ID number: 033099124
    Common passwords built from them:
    Liorbruder
    Lior1
    Lior16071983
    Bruderlior
    Brudergmail
    033099124
  • Passwords (3)
    Hash the password (MD5)
  • Passwords (3)
    Trivial passwords will be easy to detect
    Password - Hash
    lior1 - e9d9dc5987d3fd2369e10ed0a8c32d8a
    good - 7faae226566c91d06a0d741e0c9d3ae6
    bruder - e9d9dc5987d3fd2369e10ed0a8c32d8a
    test - 098f6bcd4621d373cade4e832627b4f6
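The table above shows the problem with storing a bare MD5: the same password always gives the same hash, so a precomputed list of trivial passwords cracks every matching account at once (MD5 of "test" really is 098f6bcd4621d373cade4e832627b4f6). The following added example (not from the talk) puts the two password slides into code: a check that blocks the name/birthdate/ID-number combinations listed on the "Passwords (2)" slide, the lookup-table attack on unsalted MD5, and the storage scheme a practitioner would use instead of plain MD5, a per-user random salt with a slow PBKDF2-HMAC-SHA256 derivation and a constant-time comparison. The profile mirrors the slide; the mailbox address and the password attempts are constructed.

```python
import hashlib
import hmac
import os


def derived_candidates(profile):
    """Trivial passwords built from the user's own details, the way the 'Passwords (2)'
    slide lists them: name parts, name+digits, name+birthdate, id number, name+mail domain."""
    first, last = profile["first"].lower(), profile["last"].lower()
    day, month, year = profile["birthdate"].split("/")
    dob = "%02d%02d%s" % (int(day), int(month), year)            # 16/7/1983 -> 16071983
    mail_user, mail_host = profile["email"].lower().split("@")
    mail_domain = mail_host.split(".")[0]
    cands = {first, last, first + last, last + first, profile["id_number"],
             first + dob, last + dob, first + year, mail_user, last + mail_domain}
    for base in list(cands):
        cands.add(base + "1")
        cands.add(base + "123")
    return cands


def is_trivial(password, profile, min_len=8):
    """Reject short passwords, anything on the derived list, and anything containing a profile token."""
    p = password.lower()
    if len(p) < min_len or p in derived_candidates(profile):
        return True
    tokens = (profile["first"].lower(), profile["last"].lower(), profile["id_number"])
    return any(tok in p for tok in tokens)


def md5_table(common):
    """What unsalted MD5 storage buys the attacker: one precomputed table, every user at once."""
    return {hashlib.md5(pw.encode()).hexdigest(): pw for pw in common}


def hash_password(password, iterations=200_000):
    """Salted, slow hash: identical passwords get different records and each guess is costly."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password, record):
    _algo, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


# constructed profile: name, birthdate and id number as on the slide; the mailbox is assumed
PROFILE = {"first": "Lior", "last": "Bruder", "birthdate": "16/7/1983",
           "id_number": "033099124", "email": "lior@gmail.com"}


def demo():
    out = {}
    attempts = ["Liorbruder", "Lior1", "Lior16071983", "Bruderlior", "Brudergmail",
                "033099124", "xK9#pLm2qR"]
    out["trivial"] = [pw for pw in attempts if is_trivial(pw, PROFILE)]
    table = md5_table(["test", "good", "lior1", "bruder", "123456", "password"])
    out["md5_of_test"] = hashlib.md5(b"test").hexdigest()
    out["cracked_by_lookup"] = table.get(out["md5_of_test"])
    rec_a, rec_b = hash_password("correct horse"), hash_password("correct horse")
    out["same_password_different_records"] = rec_a != rec_b
    out["verify_right"] = verify_password("correct horse", rec_a)
    out["verify_wrong"] = verify_password("correct horse!", rec_a)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-34s %s" % (name, result))
```

On the server the check in `is_trivial` runs at registration and password change; the `md5_table` lookup is the attacker's side of the table on the slide, and `hash_password` is what the "Hash the password" bullet should read as today.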
  • Passwords (4)
    How to steal a captcha
    (mock-up: your site’s login form with "User name:", "Password:" and "For security please retype the following characters:"; and a page somewhere on the internet that says "Welcome to my site. Do you want to see the next picture?" and shows your captcha to its own visitors, who solve it on the attacker’s behalf)
  • What do you need to learn to be a hacker?
    What do you need to learn to protect your applications?
    Learn how to program (C++, etc.)
    Use a Unix OS
    Learn web and server-side development (PHP)
    Know the network-layer protocols
    Start looking in forums
    • Be discreet
  • Thank you
