Dynamic Analysis of Flash Files

DerbyCon V - Unity

Presented by: Jacob Thompson
Date: Saturday September 26, 2015
Time: 15:00 - 15:50
Location: Track 4
Track: The 3-Way

Adobe Flash can be a roadblock and source of frustration for web application penetration testers. Implementation details in the Flash debugger make it difficult to debug the Action- Script code within a release-build SWF file. In this talk, I give a general overview of the process of debugging ActionScript in Flash and AIR SWF files. I then introduce a tool I have written to inject synthetic file and line-number information into release SWF files, converting them into debuggable ones and allowing them to be dynamically analyzed using standard tools.

Jacob Thompson


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats