Ange Albertini

Fearsome File Formats

Sat, 28 Dec 2024 00:00:00 -0500

Presented at 38C3 in Hamburg on the 28th December 2024. Video recording: https://media.ccc.de/v/38c3-fearsome-file-formats With so many open-source parsers being tested and fuzzed, and widely available specs, what could go wrong with file formats nowadays ? Nothing to fear, right? Let's explore even darker corners of their landscape! Even extreme simplicity can misleadingly lead to unexpected challenges. And at the other end of the spectrum, new complex constructs appeared over the years: near-polyglots, timecryption, hashquines … Even AI is an element of the game now. Let's play FileCraft, and enjoy the ride!

Overview of file type identifiers

Thu, 24 Oct 2024 00:00:00 -0400

Yara, LibMagic (file, binwalk, polyfile), TrID, Yara, Magika, PeID, Pronom, FDD, ShareMime, DiE... How do they work? What are their pros and cons, their limitations, their risks? Presented at Hack.Lu on the 24th October 2024. Video recording: https://youtu.be/PBbld8xB2Bo

A question of time

Wed, 26 Jun 2024 00:00:00 -0400

Keynote at Troopers, 26 June 2024, Heidelberg.

SBuD: InfoVis in InfoSec

Mon, 16 Oct 2023 00:00:00 -0400

Have you ever taken the screenshot of a hex viewer or a text editor, then you wanted to add annotations, highlights, descriptions? Ever tried to update someone else's visualisation? Sbud is a set of visualisation renderers driven by text. Offline, no framework, no dependency. Themes and fonts are supported. MIT licence. Save as SVG, PDF, PNG... Text is kept, still selectable, still updatable. Video recording @ https://www.youtube.com/watch?v=O_7x2qhayDQ

Generating Weird Files

Mon, 26 Jun 2023 00:00:00 -0400

Technical challenges with file formats

Thu, 15 Dec 2022 00:00:00 -0500

"Technical challenges"? More like horrors! Let's explore first the technical debt of old file formats, with the evolution of the "MP3" format. Then we go through more recent forms of file format abuses and tools: polyglots, polymocks, and crypto-polyglots. Last, an overview of recent collisions and other forms of art with MD5. They say that with file formats, "specs are enough". Should we laugh, cry or run away screaming? Presented at Digital Preservation Coalition's CyberSec & DigiPres event.

Inside out - abusing archive file formats

Tue, 05 Jul 2022 00:00:00 -0400

If a format structure isn't vulnerable, can that change once wrapped in an archive? File formats abuses depend on specific structure characteristics, which makes some file formats not vulnerable. It's however quite common to wrap some formats in specific archive formats. Combining a format structure with an archive structure may change the outcome, making the result vulnerable by exploiting outside of the box. video recording @ https://youtu.be/VPQHMNUxm8c

Relations between archive formats

Fri, 08 Apr 2022 00:00:00 -0400

What’s the relation between Gzip, Zip, Zlib and Deflate?

Beyond your studies v2

Tue, 14 Dec 2021 00:00:00 -0500

Things I wish I understood when I was a student. Presented at the Warwick University. Recording: https://www.youtube.com/watch?v=a0V7bAzw5sE

Generating weird files

Tue, 06 Jul 2021 00:00:00 -0400

Generating mocks, polyglots, near polyglots with Mitra Presented at Pass the SALT 2021 Video recording: https://passthesalt.ubicast.tv/videos/2021-generating-weird-files/ Get the PDF viewer executable via the following command lines: openssl enc -in "Generating_weird_files.pdf" -out ciphertext -aes-128-ctr -iv 00000000000000000000e7c600000002 -K 4e6f773f000000000000000000000000 openssl enc -in ciphertext -out viewer.exe -aes-128-ctr -iv 00000000000000000000e7c600000002 -K 4c347433722121210000000000000000

You are not an idiot

Fri, 21 May 2021 00:00:00 -0400

You are *not* an idiot ~ or maybe we're all idiots. Keynote at NorthSec 2021. Talking about school, failure, success, diploma, impostor syndrom, manipulators, burn out, suicide, and how to deal with them. The talk delivery was more personal, the slides are kept generic. The recording is available @ https://www.youtube.com/watch?v=R9LsaYs3kpk Old link: https://www.youtube.com/watch?v=Iu70J49bPlE&t=20869s (starts at 5:47:49)

TimeCryption

Thu, 08 Apr 2021 00:00:00 -0400

Clean now, malicious later. AKA Abusing one-time pads with binary polyglots. Stefan Kölbl, Ange Albertini Recording @ https://www.youtube.com/watch?v=liancIA1m9w (old link @ https://www.youtube.com/watch?v=VWsjcnxiyUE&t=500s)

Formats de fichiers: décisions et conséquences

Wed, 27 Nov 2019 00:00:00 -0500

GT SSLR 19 Groupe de Travail "Sécurité des Systèmes, des Logiciels et des Réseaux" https://gtsslr19.sciencesconf.org/program

KILL MD5

Tue, 22 Oct 2019 00:00:00 -0400

Demystifying hash collisions. Pass the Salt, 1st July 2019. video @ https://passthesalt.ubicast.tv/videos/kill-md5-demystifying-hash-collisions/ Hack.Lu, 22 October 2019. video @ https://www.youtube.com/watch?v=JXazRQ0APpI

Colltris

Tue, 02 Jul 2019 00:00:00 -0400

A workshop about hash collisions exploitations. Extra materials @ https://github.com/corkami/collisions/blob/master/workshop/README.md Current version: 2022/06/16 - 233 slides. Past sessions: 2019/07/02 150p @ Pass The Salt 2019/07/24 199p @ Google 2019/08/19 208p @ Google 2019/10/23 222p @ Hack.lu 2019/11/07 225p @ Black Alps 2019/12/03 229p @ Google

Improving file formats - from 📜 to 📕 ?

Wed, 08 May 2019 00:00:00 -0400

Reflections on the problems and some potential solutions.

No more dumb hex!

Thu, 21 Mar 2019 00:00:00 -0400

Rethinking binary tooling Troopers, Heidelberg, Germany video recording: https://www.youtube.com/watch?v=264OmDG8m7M 21 March 2019 co-presented and designed with Rafał Hirsz https://github.com/corkami/sbud https://github.com/evoL/albert

Education & communication

Wed, 17 Oct 2018 00:00:00 -0400

video @ https://www.youtube.com/watch?v=Y_BBQlR-SUo Presented at Hack.Lu The complete series: I - your future https://speakerdeck.com/ange/beyond-your-studies II - you https://speakerdeck.com/ange/infosec-and-failures III - your surroundings https://speakerdeck.com/ange/education-and-communication Abstract: Information security is thankfully not limited to what experts know and can do, because they can’t do much on their own, and non-experts will always be the weakest link. An important part of Infosec problems is about dealing with ‘standard’, non-expert people. So…let’s just tell them that they’re idiots, that they shouldn’t use ‘123456’ as password (and change it every week), install an antivirus, auto-update their system, stop clicking on links, uninstall Flash and Java! Problems solved! We told them. What else do you expect? Oh, they won’t listen? Stupid ignorants. We did our job, didn’t we? It’s their problem… Maybe not? This talk is about your relation with the non-technical people we have to deal with - whether we like it or not - in the world of Infosec.