<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="/feed.atom.xml" media="screen"?>
<feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom">
  <id>tag:speakerdeck.com,2005:/ange</id>
  <link rel="alternate" type="text/html" href="https://speakerdeck.com"/>
  <link rel="self" type="application/atom+xml" href="https://speakerdeck.com/ange.atom"/>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/1302434</id>
    <published>2024-12-28T01:39:44-05:00</published>
    <updated>2024-12-28T12:23:13-05:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/fearsome-file-formats-18374bc4-b3f2-429f-862e-2177ab4d7aae"/>
    <title>Fearsome File Formats</title>
    <content type="html">Presented at 38C3 in Hamburg on the 28th December 2024.

Video recording: https://media.ccc.de/v/38c3-fearsome-file-formats


With so many open-source parsers being tested and fuzzed, and widely available specs,
what could go wrong with file formats nowadays? Nothing to fear, right?

Let's explore even darker corners of their landscape!
Even extreme simplicity can misleadingly lead to unexpected challenges.
And at the other end of the spectrum, new complex constructs appeared over the years:
near-polyglots, timecryption, hashquines… Even AI is an element of the game now.

Let's play FileCraft, and enjoy the ride!</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/f453c284f5e14f15a9fa28d2d3637630/preview_slide_0.jpg?33212305" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/1266421</id>
    <published>2024-10-24T08:03:23-04:00</published>
    <updated>2024-10-24T12:33:09-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/overview-of-file-type-identifiers"/>
    <title>Overview of file type identifiers</title>
    <content type="html">Yara, LibMagic (file, binwalk, polyfile), TrID, Magika, PEiD, Pronom, FDD, ShareMime, DiE...

How do they work? What are their pros and cons, their limitations, their risks?

Presented at Hack.Lu on the 24th October 2024.

Video recording: https://youtu.be/PBbld8xB2Bo</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/41a7619ecfd24cf4b1cc5952f746f10d/preview_slide_0.jpg?32315450" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/1204104</id>
    <published>2024-06-25T04:24:49-04:00</published>
    <updated>2024-06-27T08:43:03-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/a-question-of-time"/>
    <title>A question of time</title>
    <content type="html">Keynote at Troopers, 26 June 2024, Heidelberg.</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/37ef4f25c3ec491ab2caaccc79e04dab/preview_slide_0.jpg?30782969" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/1091364</id>
    <published>2023-10-16T04:25:38-04:00</published>
    <updated>2023-10-16T08:48:39-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/sbud-infovis-in-infosec"/>
    <title>SBuD: InfoVis in InfoSec</title>
    <content type="html">Have you ever taken a screenshot of a hex viewer or a text editor, then wanted to add annotations, highlights, descriptions?
Ever tried to update someone else's visualisation?

SBuD is a set of visualisation renderers driven by text.
Offline, no framework, no dependency. Themes and fonts are supported. MIT licence.
Save as SVG, PDF, PNG... Text is kept, still selectable, still updatable.

Video recording @ https://www.youtube.com/watch?v=O_7x2qhayDQ</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/9c29ff67b72349149e6d25465fa5c52e/preview_slide_0.jpg?27414788" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/1042659</id>
    <published>2023-06-26T01:21:08-04:00</published>
    <updated>2023-06-26T01:25:05-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/generating-weird-files-c691cdd5-ea89-4322-839a-29402da0f859"/>
    <title>Generating Weird Files</title>
    <content type="html"></content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/c9532cb8b7de4460ad628f5e81b450cf/preview_slide_0.jpg?26137596" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/965380</id>
    <published>2022-12-14T10:01:17-05:00</published>
    <updated>2022-12-16T07:05:58-05:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/technical-challenges-with-file-formats"/>
    <title>Technical challenges with file formats</title>
    <content type="html">"Technical challenges"? More like horrors!

Let's explore first the technical debt of old file formats,
with the evolution of the "MP3" format.
Then we go through more recent forms of file format abuses and tools:
polyglots, polymocks, and crypto-polyglots.
Last, an overview of recent collisions and other forms of art with MD5.

They say that with file formats, "specs are enough".
Should we laugh, cry or run away screaming?

Presented at Digital Preservation Coalition's &lt;em&gt;CyberSec &amp; DigiPres&lt;/em&gt; &lt;a href="https://www.dpconline.org/events/eventdetail/63/-/cyber-security-and-digital-preservation"&gt;event&lt;/a&gt;.
</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/d6796c05c1494c1f9e056d058eac390a/preview_slide_0.jpg?23797277" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/886860</id>
    <published>2022-06-26T16:51:22-04:00</published>
    <updated>2022-07-06T06:07:08-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/inside-out-abusing-archive-file-formats"/>
    <title>Inside out - abusing archive file formats</title>
    <content type="html">If a format structure isn't vulnerable, can that change once wrapped in an archive?

File format abuses depend on specific structural characteristics, which makes some file formats not vulnerable. It's however quite common to wrap some formats in specific archive formats.
Combining a format structure with an archive structure may change the outcome, making the result vulnerable by exploiting outside of the box.

video recording @ https://youtu.be/VPQHMNUxm8c</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/b9c21eeffe974114a72e060e70b64ba9/preview_slide_0.jpg?21922295" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/859195</id>
    <published>2022-04-08T08:51:28-04:00</published>
    <updated>2022-06-21T05:46:28-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/gzip-equals-zip-equals-zlib-equals-deflate"/>
    <title>Relations between archive formats</title>
    <content type="html">What’s the relation between Gzip, Zip, Zlib and Deflate?</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/66fe252229444efa994f5c75600acba0/preview_slide_0.jpg?21822614" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/806168</id>
    <published>2021-12-14T12:05:39-05:00</published>
    <updated>2021-12-16T11:18:51-05:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/beyond-your-studies-v2"/>
    <title>Beyond your studies v2</title>
    <content type="html">Things I wish I understood when I was a student.

Presented at Warwick University.

Recording: https://www.youtube.com/watch?v=a0V7bAzw5sE</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/05944ce943b04df5a42aaa2527b3f735/preview_slide_0.jpg?19804511" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/749090</id>
    <published>2021-07-05T08:36:13-04:00</published>
    <updated>2021-07-07T11:03:28-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/generating-weird-files"/>
    <title>Generating weird files</title>
    <content type="html">Generating mocks, polyglots, near polyglots with Mitra
Presented at Pass the SALT 2021
Video recording: https://passthesalt.ubicast.tv/videos/2021-generating-weird-files/

Get the PDF viewer executable via the following command lines:
openssl enc -in "Generating_weird_files.pdf" -out ciphertext -aes-128-ctr -iv 00000000000000000000e7c600000002 -K 4e6f773f000000000000000000000000
openssl enc -in ciphertext -out viewer.exe -aes-128-ctr -iv 00000000000000000000e7c600000002 -K 4c347433722121210000000000000000</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/32d9a72edf0c44498fbe64474bc4059e/preview_slide_0.jpg?18473901" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/735842</id>
    <published>2021-05-21T15:49:48-04:00</published>
    <updated>2021-12-02T09:10:19-05:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/you-are-not-an-idiot"/>
    <title>You are not an idiot</title>
    <content type="html">You are *not* an idiot ~ or maybe we're all idiots.
Keynote at NorthSec 2021.

Talking about school, failure, success, diploma, impostor syndrome, manipulators, burnout, suicide, and how to deal with them.

The talk delivery was more personal, the slides are kept generic.

The recording is available @ https://www.youtube.com/watch?v=R9LsaYs3kpk

Old link: https://www.youtube.com/watch?v=Iu70J49bPlE&amp;t=20869s (starts at 5:47:49)</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/c725f083768341c7b27f8f1c97028f20/preview_slide_0.jpg?18510451" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/723313</id>
    <published>2021-04-08T12:30:37-04:00</published>
    <updated>2021-07-12T07:09:26-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/timecryption"/>
    <title>TimeCryption</title>
    <content type="html">Clean now, malicious later.
AKA Abusing one-time pads with binary polyglots.

Stefan Kölbl, Ange Albertini

Recording @ https://www.youtube.com/watch?v=liancIA1m9w
(old link @ https://www.youtube.com/watch?v=VWsjcnxiyUE&amp;t=500s)</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/22322e28e8b44e8a9edd3c5703b03a31/preview_slide_0.jpg?18518288" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/577535</id>
    <published>2019-11-25T11:15:34-05:00</published>
    <updated>2020-03-02T10:03:23-05:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/formats-de-fichiers-decisions-et-consequences"/>
    <title>File formats: decisions and consequences</title>
    <content type="html">GT SSLR 19
"Security of Systems, Software and Networks" working group (Groupe de Travail "Sécurité des Systèmes, des Logiciels et des Réseaux")
https://gtsslr19.sciencesconf.org/program</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/44a309d185da4d3ea3b5c5dcdb571efd/preview_slide_0.jpg?14294103" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/524687</id>
    <published>2019-06-23T14:05:38-04:00</published>
    <updated>2019-10-22T19:00:25-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/kill-md5"/>
    <title>KILL MD5</title>
    <content type="html">Demystifying hash collisions.

Pass the Salt, 1st July 2019.
video @ https://passthesalt.ubicast.tv/videos/kill-md5-demystifying-hash-collisions/

Hack.Lu, 22 October 2019.
video @ https://www.youtube.com/watch?v=JXazRQ0APpI</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/1be1e34729604213b7c8a24beda7f7fc/preview_slide_0.jpg?13929359" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/525998</id>
    <published>2019-06-29T10:26:12-04:00</published>
    <updated>2022-06-16T11:53:01-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/colltris"/>
    <title>Colltris</title>
    <content type="html">A workshop about hash collision exploitation.

Extra materials @ https://github.com/corkami/collisions/blob/master/workshop/README.md

Current version: 2022/06/16 - 233 slides.

Past sessions:
  2019/07/02 150p @ Pass The Salt
  2019/07/24 199p @ Google
  2019/08/19 208p @ Google
  2019/10/23 222p @ Hack.lu
  2019/11/07 225p @ Black Alps
  2019/12/03 229p @ Google

</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/8aac519d09b84b1fa7c8754c44c00bc2/preview_slide_0.jpg?21761783" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/520224</id>
    <published>2019-05-30T07:07:31-04:00</published>
    <updated>2019-08-04T11:30:20-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/improving-file-formats-from-to"/>
    <title>Improving file formats - from 📜 to 📕 ?</title>
    <content type="html">Reflections on the problems and some potential solutions.</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/4673d12c70284465a8a9df62f5d47570/preview_slide_0.jpg?13229751" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/505031</id>
    <published>2019-03-21T10:10:31-04:00</published>
    <updated>2019-08-01T05:52:07-04:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/no-more-dumb-hex"/>
    <title>No more dumb hex!</title>
    <content type="html">Rethinking binary tooling
Troopers, Heidelberg, Germany

video recording: https://www.youtube.com/watch?v=264OmDG8m7M

21 March 2019
co-presented and designed with Rafał Hirsz
https://github.com/corkami/sbud
https://github.com/evoL/albert</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/95404e73c4bb4f5381c65136bdaeea3e/preview_slide_0.jpg?13208157" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <entry>
    <id>tag:speakerdeck.com,2005:Talk/470575</id>
    <published>2018-10-17T10:28:58-04:00</published>
    <updated>2018-11-05T11:31:57-05:00</updated>
    <link rel="alternate" type="text/html" href="https://speakerdeck.com/ange/education-and-communication"/>
    <title>Education &amp; communication</title>
    <content type="html">video @ https://www.youtube.com/watch?v=Y_BBQlR-SUo

Presented at Hack.Lu

The complete series:
I - your future https://speakerdeck.com/ange/beyond-your-studies
II - you https://speakerdeck.com/ange/infosec-and-failures
III - your surroundings https://speakerdeck.com/ange/education-and-communication

Abstract:
Information security is thankfully not limited to what experts know and can do, because they can’t do much on their own, and non-experts will always be the weakest link. An important part of Infosec problems is about dealing with ‘standard’, non-expert people.

So…let’s just tell them that they’re idiots, that they shouldn’t use ‘123456’ as password (and change it every week), install an antivirus, auto-update their system, stop clicking on links, uninstall Flash and Java!

Problems solved! We told them. What else do you expect? Oh, they won’t listen? Stupid ignorants. We did our job, didn’t we? It’s their problem…

Maybe not? This talk is about your relation with the non-technical people we have to deal with - whether we like it or not - in the world of Infosec.</content>
<media:thumbnail url="https://files.speakerdeck.com/presentations/9930d6dd85634fbda2070cf1ad47406b/preview_slide_0.jpg?10992308" width='' height='' xmlns:media='http://search.yahoo.com/mrss/'></media:thumbnail>    <author>
      <name>Ange Albertini (@ange)</name>
    </author>
  </entry>
  <title>Ange Albertini (@ange) on Speaker Deck</title>
  <updated>2024-12-28T01:39:44-05:00</updated>
</feed>
