[Owasp-sydney] OWASP Sydney Meeting 14th May

Paul Theriault paul.theriault at sift.com.au
Mon Apr 28 23:22:30 EDT 2008

Hi all,

For those planning on attending on the 14th, I have attached a summary of my presentation below.
Thanks to Chris for organising and KPMG for hosting - hope to see you all there.

Detection and Analysis of Flash Based Malware:

A recent series of incidents saw consumers infected with malware after viewing malicious flash advertisements on high-profile internet sites. The malicious advertisements existed not as a result of system or application compromise, but due to attackers paying for advertisements with hidden functionality to be served by major online advertising organisations.

These events have highlighted a technical challenge to all organisations who serve third-party flash content: how can you tell if a flash file is malicious? As organisations increasingly serve dynamic content provided by third-parties, the risk of these files containing malicious code increases and the existing technical mitigation controls are currently limited.

This presentation will include a technical analysis of the malware in question, an analysis of other potential threat vectors with flash content and an examination of possible technical solutions to this problem. Ultimately organisations need to find a balance between manual analysis (large time and expertise requirements) and automated scanning (which face all the problems associated with the existing anti-virus). Ultimately contractual protections need to be in place in addition to technical protections, but there is a lot of room for improvement in terms of the technical approach to handling flash files and this presentation will discuss some of those options.


Paul Theriault
Senior Associate
P: +61 2 9236 7276
F: +61 2 9251 6393
M: +61 410 525 685
E: paul.theriault at sift.com.au
Level 6, 62 Pitt Street
Sydney NSW, 2000

---------- Forwarded message ----------
From: Chris Gatford <chris.gatford at purehacking.com>
Date: Tue, Apr 29, 2008 at 12:52 PM
Subject: [Owasp-sydney] OWASP Sydney Meeting 14th May
To: Owasp-sydney at lists.owasp.org

** Upcoming Sydney OWASP Meeting **

Please join us for a FREE networking and learning session:

When: Wednesday, May 14th 2008, 6:00 pm - 8:00 pm
Location:  KPMG
Auditorium (Located on the Ground floor at the rear)
10 Shelley Street (main entrance located on Sussex Street)
Sydney  NSW  2000

6:00 - 6:20 Peer-to-Peer Networking with Tea & Coffee

6:20 - 6:30 Sydney Chapter Update

6:30 - 7:30 Technical Presentation "Flash Application Vulnerabilities"
Paul Theriault, Senior Associate, SIFT

OWASP Sydney is very kindly being supported by KPMG in providing the
venue and refreshments.

RSVP: Chris at penetrationtester.com

Paul's presentation will be an introduction to the detection and
analysis of Flash based malware. Providing technical insights in to
the analysis process and providing examples of deconstructing content
as well as some suggested countermeasures.

Speaker BIO:

Paul is a Senior Associate with SIFT, and has extensive experience in
both technical and policy areas of IT security ranging from
application code review and testing, to business-wide risk assessment
and management. Paul is a proficient security incident handler with
experience in malware and vulnerability analysis, anti-virus
monitoring and patch management.

Paul holds a degree in Computer Science from the University of Sydney,
during the completion of which he was awarded the prize for IT
Security with a perfect score of 100. He is a Member of the Open Web
Application Security Project (OWASP), and has also provided Guest
Lectures at the Communications University of China, Beijing.

Paul has supported SIFT's clients through providing Board-level risk
management guidance, and has completed low-level technical security
testing for systems making up vital parts of Australia's financial
markets critical infrastructure.

Kind Regards
Chris Gatford
Pure Hacking

Toll Free: Australia 1300 884 218
Direct:  +61 2 9231 1134
Fax:     +61 2 9231 1117
Mobile:  +61 420 909 308
Email: chris.gatford at purehacking.com
Web: http://www.purehacking.com
Blog: http://www.penetrationtester.com
Linkedin: http://www.linkedin.com/in/chrisgatford

Martin Place, Suite 304, Level 3, 84 Pitt St, Sydney
Level 50, 101 Collins St, Melbourne

2 Havelock Road #04-08
Apollo Centre Singapore 059763

 Owasp-sydney mailing list
 Owasp-sydney at lists.owasp.org

More information about the Owasp-sydney mailing list