Flash Exploits
https://securelist.com/how-exploit-packs-are-concealed-in-a-flash-object/69727/
2/24/2019
This article addresses a “new” way (2014/2015) in which Flash exploits are used with the Neutrino exploit pack. Instead of dropping a malicious Flash file, the Flash binary itself rewrites the page being viewed in the browser.
The Flash binary loads exploits onto the user's computer, in some cases using an image/configuration file. Common decompilation methods do not work on it, and normal extensions/security tools will not detect it.
The code has objects that are obfuscated using hex encoding, RC4, and a deflate algorithm. The code itself uses CVEs which allow the use of legitimate Windows system DLLs to give access to a shell. A script is then dropped on the victim's computer and executed.
The CVEs listed have been addressed for the most part, but this underscores the importance of keeping software up to date.
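For analysts triaging objects hidden this way, here is an added example (not code from the article or the exploit pack) that peels the three layers named above and checks whether the result carries an SWF signature. The layer order (hex, then RC4, then zlib-wrapped deflate), the key, and the sample bytes are assumptions constructed for illustration.

```python
import binascii
import zlib

SWF_MAGIC = {b"FWS": "uncompressed SWF", b"CWS": "zlib-compressed SWF",
             b"ZWS": "LZMA-compressed SWF"}

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA); the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def peel_layers(hex_blob: str, key: bytes) -> bytes:
    """Undo hex -> RC4 -> zlib/deflate (assumed order); return inner bytes."""
    try:
        encrypted = binascii.unhexlify(hex_blob.strip())
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"hex layer failed: {exc}") from exc
    try:
        return zlib.decompress(rc4(key, encrypted))
    except zlib.error as exc:  # wrong key or wrong layer order ends up here
        raise ValueError(f"deflate layer failed: {exc}") from exc

def classify(data: bytes) -> str:
    """Label recovered bytes by SWF signature, if present."""
    return SWF_MAGIC.get(data[:3], "not an SWF")

# Constructed sample: placeholder bytes wrapped with a made-up key.
SAMPLE_KEY = b"constructed-key"
SAMPLE_INNER = b"FWS\x0a" + b"constructed placeholder, not a real Flash file"
SAMPLE_BLOB = binascii.hexlify(rc4(SAMPLE_KEY, zlib.compress(SAMPLE_INNER))).decode()

if __name__ == "__main__":
    inner = peel_layers(SAMPLE_BLOB, SAMPLE_KEY)
    print(classify(inner), len(inner), "bytes recovered")
```

A deflate failure after the RC4 step is itself a useful signal during analysis: it means the key or the assumed layer order is wrong for that object.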
















