Explore the intricacies of bypassing Adobe Flash input validation in this 39-minute conference talk recorded at Radboud Universiteit, Nijmegen. Delve into sandboxing techniques used by vendors to restrict application trust boundaries and minimize potential system damage. Examine two sandbox escape vulnerabilities in Adobe Flash, CVE-2016-4271 and CVE-2017-3085, which enable local data exfiltration and obtaining Windows user credentials. Analyze the underlying causes, including arbitrary definitions of "remote" and "local," insufficient input validation schemes, and unmitigated platform-specific vulnerabilities. Gain insights into the importance of Flash as an attack vector and object of study, despite recent deprecation efforts. Learn about embedding Flash code, security sandboxes, SMB authentication, and NTLMv2 hashes. Discover testing methods for susceptibility and explore cross-domain policy files. Conclude with remarks on the significance of understanding these vulnerabilities and an invitation to engage in ethical hacking. Read more