[Owasp-sydney] OWASP Sydney Meeting 14th May

Paul Theriault paul.theriault at sift.com.au
Tue Apr 29 08:18:54 EDT 2008


That depends if I get away with just recycling or not ;) I was last, and lots of people had to get flights... I reckon I might get away with it!

My cunning plan is:
- run through previous slides as an introduction or a refresher
- do some demostrations of new/undocumented libaries released as part of Flex 3 which are useful for Flash analysis
- have a stimulating discussion about potential tools for flash malware detection/prevention
- declare victory and head for the bar

Out of interest, can I get a show of replies (perhaps just to me, to avoid list spam) if you're coming and you saw my previous flash talk.
And of course, suggestions or questions for discussion are welcome.

See you ALL there,
Paul


Paul Theriault
Senior Associate
___________________________________
SIFT
www.sift.com.au


P: +61 2 9236 7276
F: +61 2 9251 6393
M: +61 410 525 685
E: paul.theriault at sift.com.au



Level 6, 62 Pitt Street
Sydney NSW, 2000
Australia



"SIFT is a leading Australian information security consulting, intelligence and training firm. We specialise in the delivery of independent advice,reviews and recommendations to the senior management of large,
highly-regulated organisations."



This correspondence is for the named person's use only. It may contain confidential or legally privileged information or both. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this correspondence in error, please immediately delete it from your system and notify the sender. You must not disclose, copy or rely on any part of this correspondence if you are not the intended recipient. Any  pinions expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the opinions of SIFT Pty Ltd.







-----Original Message-----
From: Christian Heinrich [mailto:cmlh at alpha.net.au] On Behalf Of christian.heinrich at cmlh.id.au
Sent: Tuesday, 29 April 2008 1:52 PM
To: Paul Theriault
Cc: Owasp-sydney at lists.owasp.org
Subject: RE: [Owasp-sydney] OWASP Sydney Meeting 14th May

Paul,

Is the content of this presentation updated from http://www.owasp.org/images/7/77/OWASPAU08_Session_18_Theriault.ppt?


Regards,
Christian Heinrich
OWASP Individual Member
http://www.linkedin.com/in/ChristianHeinrich


-----Original Message-----
From: owasp-sydney-bounces at lists.owasp.org
[mailto:owasp-sydney-bounces at lists.owasp.org] On Behalf Of Paul Theriault
Sent: Tuesday, 29 April 2008 1:23 PM
To: Owasp-sydney at lists.owasp.org
Subject: Re: [Owasp-sydney] OWASP Sydney Meeting 14th May

Hi all,

For those planning on attending on the 14th, I have attached a summary of my presentation below.
Thanks to Chris for organising and KPMG for hosting - hope to see you all there.

----------------------------------------------------------------------------
---------------------------
Detection and Analysis of Flash Based Malware:

A recent series of incidents saw consumers infected with malware after viewing malicious flash advertisements on high-profile internet sites. The malicious advertisements existed not as a result of system or application compromise, but due to attackers paying for advertisements with hidden functionality to be served by major online advertising organisations.

These events have highlighted a technical challenge to all organisations who serve third-party flash content: how can you tell if a flash file is malicious? As organisations increasingly serve dynamic content provided by third-parties, the risk of these files containing malicious code increases and the existing technical mitigation controls are currently limited.

This presentation will include a technical analysis of the malware in question, an analysis of other potential threat vectors with flash content and an examination of possible technical solutions to this problem.
Ultimately organisations need to find a balance between manual analysis (large time and expertise requirements) and automated scanning (which face all the problems associated with the existing anti-virus). Ultimately contractual protections need to be in place in addition to technical protections, but there is a lot of room for improvement in terms of the technical approach to handling flash files and this presentation will discuss some of those options.




Regards,

Paul Theriault
Senior Associate
___________________________________
SIFT
www.sift.com.au
P: +61 2 9236 7276
F: +61 2 9251 6393
M: +61 410 525 685
E: paul.theriault at sift.com.au
Level 6, 62 Pitt Street
Sydney NSW, 2000
Australia


---------- Forwarded message ----------
From: Chris Gatford <chris.gatford at purehacking.com>
Date: Tue, Apr 29, 2008 at 12:52 PM
Subject: [Owasp-sydney] OWASP Sydney Meeting 14th May
To: Owasp-sydney at lists.owasp.org



**************************************************
** Upcoming Sydney OWASP Meeting **
**************************************************

Please join us for a FREE networking and learning session:

When: Wednesday, May 14th 2008, 6:00 pm - 8:00 pm
Location:  KPMG
Auditorium (Located on the Ground floor at the rear) 10 Shelley Street (main entrance located on Sussex Street) Sydney  NSW  2000

Agenda
6:00 - 6:20 Peer-to-Peer Networking with Tea & Coffee

6:20 - 6:30 Sydney Chapter Update

6:30 - 7:30 Technical Presentation "Flash Application Vulnerabilities"
Paul Theriault, Senior Associate, SIFT

OWASP Sydney is very kindly being supported by KPMG in providing the venue and refreshments.

RSVP: Chris at penetrationtester.com

Presentation:
Paul's presentation will be an introduction to the detection and analysis of Flash based malware. Providing technical insights in to the analysis process and providing examples of deconstructing content as well as some suggested countermeasures.


Speaker BIO:


Paul is a Senior Associate with SIFT, and has extensive experience in both technical and policy areas of IT security ranging from application code review and testing, to business-wide risk assessment and management. Paul is a proficient security incident handler with experience in malware and vulnerability analysis, anti-virus monitoring and patch management.

Paul holds a degree in Computer Science from the University of Sydney, during the completion of which he was awarded the prize for IT Security with a perfect score of 100. He is a Member of the Open Web Application Security Project (OWASP), and has also provided Guest Lectures at the Communications University of China, Beijing.

Paul has supported SIFT's clients through providing Board-level risk management guidance, and has completed low-level technical security testing for systems making up vital parts of Australia's financial markets critical infrastructure.





Kind Regards
Chris Gatford
-----------------------------------------
Pure Hacking

Toll Free: Australia 1300 884 218
Direct:  +61 2 9231 1134
Fax:     +61 2 9231 1117
Mobile:  +61 420 909 308
Email: chris.gatford at purehacking.com
Web: http://www.purehacking.com
Skype:chrisgatford
Blog: http://www.penetrationtester.com
Linkedin: http://www.linkedin.com/in/chrisgatford

Australia:
Martin Place, Suite 304, Level 3, 84 Pitt St, Sydney Level 50, 101 Collins St, Melbourne

Singapore:
2 Havelock Road #04-08
Apollo Centre Singapore 059763



_______________________________________________
 Owasp-sydney mailing list
 Owasp-sydney at lists.owasp.org
 https://lists.owasp.org/mailman/listinfo/owasp-sydney
_______________________________________________
Owasp-sydney mailing list
Owasp-sydney at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-sydney


More information about the Owasp-sydney mailing list