Wednesday 3 October 11:30 - 12:00, Red room
Boris Larin (Kaspersky Lab)
Anton Ivanov (Kaspersky Lab)
At the end of 2017 we discovered an Adobe Flash Player zero-day vulnerability (CVE-2017-11292) which was used in the BlackOasis APT. This case demonstrates that Adobe Flash Player is still a good target for threat actors.
CVE-2017-11292 is a particularly interesting type-confusion vulnerability, and there are no public reports describing it.
In this presentation we will present and release our own 'ActionScript3' processor module and debug plug-in for IDA Pro. These tools work together to complement each other, and have already shown good results in in-the-wild exploit debugging.
We analysed the Actionscript Virtual Machine (AVM) and found a way to increase analysis with the rich possibilities of IDA Pro and APIs.
In our presentation we will cover the following:
Boris Larin is a malware analyst at Kaspersky Lab, focused on exploits and network attack detection. His main fields of interest are reverse engineering, code deobfuscation and vulnerability research. He is also the author of educational materials for Kaspersky Academy and runs a malware reverse engineering course at Harbour.Space University in Barcelona. In his free time he likes to investigate and examine the security of embedded devices.
Anton graduated from Russia's Higher School of Economics in 2013, with a degree in information technology. Anton also has a Master's degree from the Russian Presidential Academy of National Economy and Public Administration. Anton joined Kaspersky Lab in 2011 as malware analyst. Now he leads the behavioural detection team. Anton has several patents relating to malware detection.
Ya Liu (Qihoo)
Hui Wang (Qihoo)
Alexei Bulazel (ForAllSecure)
Andrew Brandt (Independent researcher)