TOOLS FOR FLASH ANALYSIS
Update 13:35 PDT: False positive finding from CA triggering on System.security.allowDomain("*").
Regardless, these two sites are indispensable for their quick analytic capability.
Seeing System.security.allowDomain("*") as problematic is not necessarily wrong, as it often indicates malicious content.
News of malicious Flash popping up from YouTube is starting to break all over the Internet.
CrunchGear has a bit of a write-up on it.
Rather than sound off about what will become old news quickly, I'd like to point you to resources I use to analyze (or have the analysis done for me, to be more concise) malicious Flash or JavaScript.
I grabbed the evil .swf in question from the URL below via command-line on my trusty Ubuntu box:
wget "hxxp://www.youtube.com/v/O7tB1pYSNuE&rel=1"
I then fed l.swf to Adops Tools and Wepawet.
The results from each analysis are below for your review.
Note System.security.allowDomain("*").
Not good. ;-)
Adops Tools Results
Wepawet Results
Use in good faith, but always be careful grabbing the evil .swf.
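The check this post highlights can also be run locally before or alongside the online services. This is an added example (not code from the original post, Adops Tools or Wepawet): a Python script that unpacks an FWS or CWS file and counts the allowDomain identifiers for manual review. The function names are hypothetical and the sample bytes are constructed.

```python
import struct
import sys
import zlib

# Identifiers worth a manual look; presence alone does not prove malice.
INDICATORS = (b"allowDomain", b"allowInsecureDomain")
MAX_BODY = 64 * 1024 * 1024  # cap decompressed size to avoid zip bombs


def unpack_swf(data):
    """Return (signature, version, declared_length, body) for FWS/CWS input."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    sig, version = data[:3], data[3]
    declared = struct.unpack("<I", data[4:8])[0]  # length after decompression
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":  # everything after the 8-byte header is zlib data
        inflater = zlib.decompressobj()
        body = inflater.decompress(data[8:], MAX_BODY)
        if inflater.unconsumed_tail:
            raise ValueError("decompressed body exceeds MAX_BODY")
    else:
        raise ValueError("unsupported signature %r" % sig)
    return sig.decode("ascii"), version, declared, body


def triage(data):
    """Summarise header fields and indicator counts for one SWF file."""
    sig, version, declared, body = unpack_swf(data)
    return {
        "signature": sig,
        "version": version,
        "length_ok": declared == len(body) + 8,  # header counts toward length
        "hits": {name.decode(): body.count(name) for name in INDICATORS},
    }


def make_sample(compressed):
    """Constructed stand-in for a SWF body; not a real or valid Flash file."""
    body = b"\x00" * 16 + b"\x0ballowDomain\x01*" + b"\x00" * 4
    header_len = struct.pack("<I", len(body) + 8)
    if compressed:
        return b"CWS\x09" + header_len + zlib.compress(body)
    return b"FWS\x09" + header_len + body


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample(True)
    print(triage(blob))
```

A non-zero hit count only says the identifier is present in the file; as the update at the top of this post shows, it still needs a human to decide whether the call is benign.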