Does anyone know of a Shockwave Flash analyzer for Bro? It would be useful to gather the metadata in the header like version, width, hight, frame rate, frame count, compression ratio, ect.
Thanks!
I do not, but it's a thought I've kicked around before. If there are
specific indicators in the headers that could be linked to malicious
Flash files, I think that would provide more incentive to write such an
analyzer.
Do you (or someone else) know if that's the case? I've seen some
malicious Flash files that claim they're just 1x1 pixels (or maybe even
0x0?), but I'm not sure if that's common for files which are... given
that it's Flash, I'll say "less malicious" rather than "benign." 
--Vlad
"John B. Althouse III" <sudo.darkstar@gmail.com> writes: