Dissecting Flash with EASE

By Guillaume Lovet | October 06, 2011

EASE stands for Experimental ActionScript Emulator, and besides being a pun of debatable quality, it is the in-house tool we at FortiGuard use to analyse malicious Flash samples, unpack obfuscated code (if applicable), and automatically detect heap spraying and JIT spraying (two techniques essential to bypassing DEP/ASLR when exploiting a vulnerability).

Adobe Flash being nearly ubiquitous today, this is quite a useful tool for analysts and security researchers alike. Now for the bad news, which actually lies in its very name: it's experimental. But we have good news to balance that: FortiGuard researcher Bing Liu will detail EASE and demo it tomorrow at VirusBulletin 2011, in Barcelona.

So, if you are interested in Flash malware or Flash exploits and you attend the conference, make sure not to miss Bing's presentation.

And if you missed Crypto Girl's presentation yesterday, you can still catch her around the conference - she's quite easy to spot with her superhero costume.

