[Bro] Shockwave Flash Analyzer

Vlad Grigorescu vladg at illinois.edu
Fri Apr 22 09:57:45 PDT 2016

I do not, but it's a thought I've kicked around before. If there are
specific indicators in the headers that could be linked to malicious
Flash files, I think that would provide more incentive to write such an

Do you (or someone else) know if that's the case? I've seen some
malicious Flash files that claim they're just 1x1 pixels (or maybe even
0x0?), but I'm not sure if that's common for files which are... given
that it's Flash, I'll say "less malicious" rather than "benign." :-)


"John B. Althouse III" <sudo.darkstar at gmail.com> writes:

> Does anyone know of a Shockwave Flash analyzer for Bro? It would be useful
> to gather the metadata in the header like version, width, hight, frame
> rate, frame count, compression ratio, ect.
> Thanks!
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 800 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160422/7f00152c/attachment.bin 

More information about the Bro mailing list