Haifei Li at CanSecWest 2011: Understanding and Exploiting Flash Vulnerabilities
CanSecWest 2011 starts today in Vancouver, BC. The famous conference, which hosts the equally famous Pwn2Own contest, gathers some of the top security researchers in the world, addressing topics such as exploitation techniques (e.g. the presentation on Stale Pointers by the Zynamics guys), fuzzing, gaming console security, embedded systems... Collin Mulliner will apparently elaborate on wide-scale implications of his SMS-of-death attack, while Dan Kaminsky is set to wrap up ten years of security improvements... or lack thereof. The complete program is here.
Among the big names, our own FortiGuard researcher Haifei Li, my co-nominee for the 2010 "most innovative research" Pwnie Award, will present his new research: Understanding and Exploiting Flash ActionScript Vulnerabilities.
For about an hour, Haifei will elaborate on the essence of ActionScript-level vulnerabilities in the ubiquitous Flash Player, going into the depths of the ActionScript Virtual Machine and dissecting the Just-In-Time compiler implementation, so as to expose a general approach to exploiting them in spite of DEP and ASLR protections.
If you're interested in Flash vulnerabilities and are in this neck of the woods, be sure to attend his presentation on Thursday!