Jarkko Turkulainen, a Senior Researcher on our Threat Intelligence team, has (today!) publicly released a research tool called Reflash. It’s a proof-of-concept framework for analyzing Adobe Flash files. It injects dynamically generated instrumentation into Flash files and records the resulting Flash VM stack traces in an SQL database, which can later be analyzed with various tools.
In the Reflash repository, there is also a technical research paper for those interested in the internals of the tool.
And Jarkko’s presentation, available here, is helpful for those wanting to set up the tool.
Share and enjoy.