Flashdetect: Actionscript 3 Malware Detection
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Haxe Game Development Essentials
F re e S a m p le Community Experience Distilled Haxe Game Development Essentials Create games on multiple platforms from a single codebase using Haxe and the HaxeFlixel engine Jeremy McCurdy In this package, you will find: The author biography A preview chapter from the book, Chapter 1 'Getting Started' A synopsis of the book’s content More information on Haxe Game Development Essentials About the Author Jeremy McCurdy is a game developer who has been making games using ActionScript, C#, and Haxe for over four years. He has developed games targeted at iOS, Android, Windows, OS X, Flash, and HTML5. He has worked on games that have had millions of gameplay sessions, and has built games for many major North American television networks. He is the games technical lead at REDspace, an award-winning interactive studio that has worked for some of the world's largest brands. They are located in Nova Scotia, Canada, and have been building awesome experiences for 15 years. Preface Developing games that can reach a wide audience can often be a serious challenge. A big part of the problem is fi guring out how to make a game that will work on a wide range of hardware and operating systems. This is where Haxe comes in. Over the course of this book, we'll look at getting started with Haxe and the HaxeFlixel game engine, build a side-scrolling shooter game that covers the core features you need to know, and prepare the game for deployment to multiple platforms. After completing this book, you will have the skills you need to start producing your own cross-platform Haxe-driven games! What this book covers Chapter 1, Getting Started, explains setting up the Haxe and HaxeFlixel development environment and doing a quick Hello World example to ensure that everything is working. -
Rich Internet Applications
Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight Master of Science Thesis in the Programme Software Engineering and Technology CARL-DAVID GRANBÄCK Department of Computer Science and Engineering CHALMERS UNIVERSITY OF TECHNOLOGY UNIVERSITY OF GOTHENBURG Göteborg, Sweden, October 2009 The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight CARL-DAVID GRANBÄCK © CARL-DAVID GRANBÄCK, October 2009. Examiner: BJÖRN VON SYDOW Department of Computer Science and Engineering Chalmers University of Technology SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden, October 2009 Abstract This Master's thesis report describes and compares the three Rich Internet Application !RIA" frameworks Adobe Flex, JavaFX and Microsoft Silverlight. -
Heap Feng Shui in Javascript
Heap Feng Shui in JavaScript Alexander Sotirov <[email protected]> Introduction The exploitation of heap corruption vulnerabilities on the Windows platform has become increasingly more difficult since the introduction of XP SP2. Heap protection features such as safe unlinking and heap cookies have been successful in stopping most generic heap exploitation techniques. Methods for bypassing the heap protection exist, but they require a great degree of control over the allocation patterns of the vulnerable application. This paper introduces a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. We present a JavaScript library with functions for setting up the heap in a controlled state before triggering a heap corruption bug. This allows us to exploit very difficult heap corruption vulnerabilities with great reliability and precision. We will focus on Internet Explorer exploitation, but the general techniques presented here are potentially applicable to any other browser or scripting environment. Previous work The most widely used browser heap exploitation technique is the heap spraying method developed by SkyLined for his Internet Explorer IFRAME exploit. This technique uses JavaScript to create multiple strings containing a NOP slide and shellcode. The JavaScript runtime stores the data for each string in a new block on the heap. Heap allocations usually start at the beginning of the address space and go up. After allocating 200MB of memory for the strings, any address between 50MB and 200MB is very likely to point at the NOP slide. Overwriting a return address or a function pointer with an address in this range will lead to a jump to the NOP slide and shellcode execution. -
A Defense Against Heap-Spraying Code Injection Attacks
Nozzle: A Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan Benjamin Livshits and Benjamin Zorn Cornell University Microsoft Research Ithaca, NY Redmond, WA November 19, 2008 Microsoft Research Technical Report MSR-TR-2008-176 nnoozzllee 1 Abstract Heap spraying is a new security attack that significantly increases the exploitability of existing memory corruption errors in type-unsafe applications. With heap spraying, attackers leverage their ability to allocate arbitrary objects in the heap of a type-safe language, such as JavaScript, literally filling the heap with objects that contain danger- ous exploit code. In recent years, spraying has been used in many real security exploits, especially in web browsers. In this paper, we describe Nozzle, a runtime monitoring infrastructure that detects attempts by attackers to spray the heap. Nozzle uses lightweight emulation techniques to detect the presence of objects that contain executable code. To reduce false positives, we developed a notion of global “heap health”. We measure the effectiveness of Nozzle by demonstrating that it successfully detects 12 published and 2,000 synthetically generated heap-spraying exploits. We also show that even with a detection threshold set six times lower than is required to detect published ma- licious attacks, Nozzle reports no false positives when run over 150 popular Internet sites. Using sampling and concurrent scanning to re- duce overhead, we show that the performance overhead of Nozzle is less than 7% on average. While Nozzle currently targets heap-based spraying attacks, its techniques can be applied to a more general class of attacks in which an attacker attempts to fill the address space with dangerous code objects. -
Framework Overview with UML Diagrams
Framework Overview with UML Diagrams Learn to Build Robust, Scalable and Maintainable Applications using PureMVC Framework Overview This document discusses the classes and interfaces of the PureMVC framework; illustrating their roles, responsibilities and collaborations with simple UML (Unified Modeling Language) diagrams. The PureMVC framework has a very narrow goal. That is to help you separate your application’s coding concerns into three discrete tiers; Model, View and Controller. In this implementation of the classic MVC design meta-pattern, the application tiers are represented by three Singletons (a class where only one instance may be created). A fourth Singleton, the Façade, simplifies development by providing a single interface for communications throughout the application. The Model caches named references to Proxies, which expose an API for manipulating the Data Model (including data retrieved from remote services). The View primarily caches named references to Mediators, which adapt and steward the View Components that make up the user interface. The Controller maintains named mappings to Command classes, which are stateless, and only created when needed. The Façade initializes and caches the Core actors (Model, View and Controller), and provides a single place to access all of their public methods. AUTHOR: Cliff Hall <[email protected]> LAST MODIFIED: 3/05/2008 Façade and Core The Façade class makes it possible for the Proxies, Mediators and Commands that make up most of our final application to talk to each other in a loosely coupled way, without having to import or work directly with the Core framework actors. When we create a concrete Façade implementation for our application, we are able to use the Core actors ‘out of the box’, incidental to our interaction with the Façade, minimizing the amount of API knowledge the developer needs to have to be successful with the framework. -
Actionscript 3.0 from the Ground up Tour
Adobe Presents Colin Moock’s ActionScript 3.0 From the Ground Up Tour Materials provided by O’Reilly Media, Inc. Welcome Key Learning Welcome to the ActionScript 3.0: From the Ground Up Tour! In collaboration with Colin Moock, FITC Design and Technology The following table lists some of today’s most important concepts. Events, O’Reilly, and participating academic institutions around the world, Adobe is thrilled to bring you this world-class day of training. Following the tradition of Flex Camp (http://flex.org/camp/) and the onAIR bus tour (http://onair.adobe.com/), this Concept Example lecture is an important part of Adobe’s ongoing initiative to bring knowledge to the development community. Classes are blueprints for objects. class VirtualPet { At Adobe, we understand that a tool is only useful when you know how to use it. And we’re committed to helping you gain that knowledge. So sit back, get ready for a high-paced day of learning, and most of all have fun! } Objects (or instances) are the things in a program, new VirtualPet() Links and Resources such as a number, a car, a button, a point in time The entire set of notes for today’s lecture are available at: Some classes are built into ActionScript, others are MovieClip, TextField, Sound, String custom-made. http://moock.org/lectures/groundUpAS3 A package contains a class so its name doesn’t package zoo { The code for the virtual zoo application can be obtained at: conflict with other names. class VirtualPet { http://moock.org/eas3/examples/moock_eas3_examples/virtualzoo_final } For a prose version of today’s lecture in book form, see Colin Moock’s Essential ActionScript 3.0 (O’Reilly, 2007). -
Slideshowpro for Flash Customization Guide
SlideShowPro for Flash Customization Guide (Version 1.8.x) Contents Introduction.......................................................................................................................................................................................3 Customization.basics....................................................................................................................................................................4 How.to:.SlideShowPro.for.Flash.Button.Packs..................................................................................................................5 How.to:.Custom.navigation.buttons...................................................................................................................................... 7 How.to:.Embed.SWF.in.a.separate.HTML.document.....................................................................................................9 How.to:.External.navigation.....................................................................................................................................................12 How.To:.Change.default.English.text....................................................................................................................................13 How.to:.Prevent.XML.caching................................................................................................................................................. 14 How.to:.Dynamically.assign.an.XML.file..............................................................................................................................15 -
Enterprise Development with Flex
Enterprise Development with Flex Enterprise Development with Flex Yakov Fain, Victor Rasputnis, and Anatole Tartakovsky Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo Enterprise Development with Flex by Yakov Fain, Victor Rasputnis, and Anatole Tartakovsky Copyright © 2010 Yakov Fain, Victor Rasputnis, and Anatole Tartakovsky.. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mary E. Treseler Indexer: Ellen Troutman Development Editor: Linda Laflamme Cover Designer: Karen Montgomery Production Editor: Adam Zaremba Interior Designer: David Futato Copyeditor: Nancy Kotary Illustrator: Robert Romano Proofreader: Sada Preisch Printing History: March 2010: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Enterprise Development with Flex, the image of red-crested wood-quails, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information con- tained herein. -
Jitdefender: a Defense Against JIT Spraying Attacks
JITDefender: A Defense against JIT Spraying Attacks Ping Chen, Yi Fang, Bing Mao, and Li Xie State Key Laboratory for Novel Software Technology, Nanjing University Department of Computer Science and Technology, Nanjing University, Nanjing 210093 {chenping,fangyi,maobing,xieli}@nju.edu.cn Abstract. JIT spraying is a new code-reuse technique to attack virtual machines based on JIT (Just-in-time) compilation. It has proven to be capable of circum- venting the defenses such as data execution prevention (DEP) and address space layout randomization(ASLR), which are effective for preventing the traditional code injection attacks. In this paper, we describe JITDefender, an enhancement of standard JIT-based VMs, which can prevent the attacker from executing arbi- trary JIT compiled code on the VM. Thereby JITDefender can block JIT spraying attacks. We prove the effectiveness of JITDefender by demonstrating that it can successfully prevent existing JIT spraying exploits. JITDefender reports no false positives when run over benign actionscript/javascript programs. In addition, we show that the performance overhead of JITDefender is low. 1 Introduction In recent years, attackers have resorted to code-reuse techniques instead of injecting their own malicious code. Typical techniques are Return-oriented Programming (ROP) [21], BCR [12] and Inspector [11]. Different code-reuse attacks launch the attack based on different codebases, including the application, shared libraries or even the kernel. However, all the techniques need to find useful instruction sequence in the codebase, and the task is tedious and costly in practice. Recently, a new code-reuse attack named JIT (Just-In-Time) spraying was proposed by Blazakis [10]. -
Here Are the Slides
Working with SWX: The Native Data Format for the Flash Platform R. Jon MacDonald http://jonnymac.com/blog 1 Welcome to Working with SWX - The Native Data Format for the Flash Platform I’m Jon MacDonald and... ...I’ve been working with SWX since its first beta release. [NEXT] Who Am I? • Director, JonnyMac Interactive • Interactive Development Manager, XPLANE • Open Source Contributor • Project Manager and Lead of SWX 2 But... Who Am I? I’m the Director of JonnyMac Interactive. We are a collective of interactive designers and developers out of Portland, Oregon in the United States I am also the Interactive Development Manager for XPLANE... ...a company that visualizes complex information and processes for Fortune 500 companies. I am an avid open source consumer... ...and contributor... ...to projects such as SWX, SWFAddress and more. Lastly, I am the Project Manager and Lead of the SWX project. [NEXT] What is SWX? • Data format for Flash • Native • Data is delivered in a SWF shell • The SWX format is a subset of the SWF format (just like JSON is a subset of JavaScript) 3 So... what is SWX? SWX is a data format for Flash. SWX is native. It is the MOST native format for Flash -- because SWX stores its data inside a SWF “shell”. You can think of the SWX format as a subset of the SWF format... ...just like JSON is a subset of JavaScript. [NEXT] Why SWX? • Nothing to deserialize, parse, massage • Simple mash-ups via free public gateway • Support for several APIs • Flickr, Twitter, Nabaztag, more • Runs on any platform that supports Flash 6+ 4 Let’s talk about why SWX was started.. -
How to Get Started with Actionscript Actionscript 3.0 Is the Scripting Language of Adobe Flash Professional
Adobe Flash Professional Guide How to get started with ActionScript ActionScript 3.0 is the scripting language of Adobe Flash Professional. You can use ActionScript to add complex interactivity, playback control, and data display to your application. For example, you might want to animate a picture of a boy walking. By adding ActionScript, you could have the animated boy follow the pointer around the screen, stopping whenever he collides with a piece of animated furniture. ActionScript is an object-oriented programming language. Object-oriented programming is a way to organize the code in a program, using code to define objects and then sending messages back and forth between those objects. You don’t have to be a programmer to take advantage of ActionScript (see “Using Script Assist mode” later in this guide). But the following concepts will help: • Class: The code that defines an object. This code consists of properties, methods, and events. Think of the blueprint of a house: you can’t live in the blueprint, but you need it so you can build the house. You use classes to create objects. • Object: An instance of a class. When you instantiate an object (create an instance of it), you declare what class it is created from and set its properties. You can create as many objects as you want from a single class—if you have a bicycle class, you can create many bicycle objects, each with its own properties (one bicycle might be red while another might be green). • Property: One of the pieces of data bundled together in an object. -
Fighting the War in Memory
Fighting the War in Memory Software Vulnerabilities and Defenses Today Antonio Hüseyin Barresi 2014 2 MorrisMorris WormWorm 3 Long ago – late 1980s • On November 2, 1988 the Morris Worm was released • Mainstream media attention • Conviction under the Computer Fraud and Abuse Act • First well-known program exploiting a buffer overflow http://en.wikipedia.org/wiki/Morris_worm 4 25 years later Memory errors and memory corruption vulnerabilities are still an issue! 5 This talk is about • Why these bugs are still a concern • How exploits work • Modern defenses 6 MotivationMotivation 7 Today, 2014 • Memory errors are still a problem • “Unsafe“ languages like C/C++ very popular • Prediction: C/C++ will be with us for a long time • Yes, there are alternatives... sometimes • Criminals found ways of monetization • Software systems are gaining complexity http://www.langpop.com/ http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html 8 Terminology Exploit “An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to...“ Zero-Day Attack “A zero-day attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, ...“ http://en.wikipedia.org/wiki/Exploit_(computer_security) http://en.wikipedia.org/wiki/Zero-day_attack 9 Attacks Victim Attacker Runs a malicious web server serving HTML documents that trigger a memory error within the web browser Runs a vulnerable web browser or PDF reader Sends a malicious PDF attachement by email Exploits memory error within vulnerable victim software GET /index.html HTTP/1.1 Host: www.vulnsite.com Keep-Alive: 300 Connection: keep-alive $>./exploit 192.168.1.28 Cookie: CID=r2t5uvjq43 5r4q7ib3vtdjq120f83jf8 ..