Blitzableiter - New Tool to Shield Against Flash Attacks!
Blitzableiter, codenamed Lightning Rod, is a mitigation technology that filters malicious Flash (.SWF) files before they can carry out an attack against a vulnerability in the Adobe Flash Player.
The first version was officially launched at the FIRST conference in Vienna (June 12-17, 2011). The beta version has already been used by several companies, including a large social networking site in Europe.
The general idea behind Blitzableiter is a method called normalization through recreation. The potentially malicious input file is read, parsed and interpreted as completely as possible, applying very strict rules of specification compliance in the process. If the input file violates those rules, it is rejected as invalid. After the initial parsing, the original input file is discarded completely and a new file is created, based only on the information obtained from the original input file.
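A minimal sketch of normalization through recreation, added here as an illustration and not taken from Blitzableiter (which is .NET code): it covers only the header and tag framing of an uncompressed SWF file. The names `parse_strict`, `rebuild`, `RejectedFile`, the three-tag allowlist and the `SAMPLE` bytes are all constructed for this example.

```python
import struct

class RejectedFile(ValueError):
    """Input broke a strict rule; no output file is produced."""

# Constructed allowlist: tag code -> exact body size (End, ShowFrame, SetBackgroundColor).
ALLOWED_TAGS = {0: 0, 1: 0, 9: 3}

def parse_strict(data: bytes) -> dict:
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):
            raise RejectedFile("field runs past end of file")
        pos += n
        return data[pos - n:pos]
    if take(3) != b"FWS":
        raise RejectedFile("not an uncompressed SWF")
    version, declared = struct.unpack("<BI", take(5))
    if declared != len(data):
        raise RejectedFile("FileLength disagrees with actual size")
    nbits = take(1)[0] >> 3                    # RECT starts with a 5-bit field width
    pos -= 1
    rect = take((5 + 4 * nbits + 7) // 8)
    if rect[-1] & ((1 << (-(5 + 4 * nbits) % 8)) - 1):
        raise RejectedFile("non-zero RECT padding bits")
    rate, frames = struct.unpack("<HH", take(4))
    tags = []
    while not tags or tags[-1][0] != 0:        # End tag (code 0) closes the list
        (head,) = struct.unpack("<H", take(2))
        code, length = head >> 6, head & 0x3F
        if length == 0x3F:                     # long form: real length follows
            (length,) = struct.unpack("<I", take(4))
        if ALLOWED_TAGS.get(code) != length:
            raise RejectedFile(f"tag {code} (length {length}) not allowed")
        tags.append((code, take(length)))
    if pos != len(data):
        raise RejectedFile("data after End tag")
    return {"version": version, "rect": rect, "rate": rate, "frames": frames, "tags": tags}

def rebuild(doc: dict) -> bytes:
    # Only parsed fields are written; lengths are recomputed, short tag headers always used.
    body = doc["rect"] + struct.pack("<HH", doc["rate"], doc["frames"])
    for code, payload in doc["tags"]:
        body += struct.pack("<H", code << 6 | len(payload)) + payload
    return b"FWS" + struct.pack("<BI", doc["version"], 8 + len(body)) + body

# Constructed sample: valid file whose background tag uses the long header form.
SAMPLE = bytes.fromhex("4657530a220000007800055f00000fa000000c01007f0203000000ffffff40000000")
```

`rebuild(parse_strict(SAMPLE))` yields a 30-byte file instead of the 34-byte input, because the tag header is re-encoded in its short form and the file length is recomputed. No byte of the output is copied from the input without having been parsed and checked first.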
Blitzableiter itself is written entirely in managed code for the .NET runtime environment. This prevents malicious Flash files from targeting the Blitzableiter parser, instead of the Flash runtime parser, with memory-corruption exploits, as .NET provides superior protection against those.
For more interesting technical details and to download, visit the Blitzableiter project page.
(securityxploded forum)
'Browse...' Click -> 'bb.exe' file choice
Blitzableiter Project Home
Download
[Presentation] DEFCON 18: Blitzableiter: the Release
[Presentation] Black Hat USA 2010: Blitzableiter: The Release