In ~1h, we’ll explore the awesome and clever DOOM.PDF!
www.youtube.com/live/t17joAi...
In ~1h, we’ll explore the awesome and clever DOOM.PDF!
www.youtube.com/live/t17joAi...
I started with very simple concepts like: 'when were "files" being introduced to end-users?'. Then I 'connect' to my previous talk, showing that some old tricks still work in modern setup, such as remote hacking of cars in 2024 via a format from 1977. Then I introduce modern tools such as Mitra, as we move from funky PoCs to fearsome tools, to generate those PoCs. A mention of small format bugs at scale and the risk of privacy leaks: Acropalypse, SQLBuddy. Now it's time for more advanced stuff: near-polyglots, crypto-polyglots, hash collisions and hashquines. And finally, introducing a genuine use of AI in file format filtering at scale, with Magika, the open-source AI filter at Google.
I made my #38C3 talk on file formats (fearsome file formats) for all kinds of audience.
Here's how...
Hopefully, a little bit for all kinds of people!
Recording: media.ccc.de/v/38c3-fears...
28.12.2024 17:21 — 👍 4 🔁 3 💬 0 📌 0
I presented about file formats at #38C3.
Thanks for the feedback everyone!
speakerdeck.com/ange/fearsom...
Some Christmas cheer with @buffaloverflow.rw.md . A nice bug in the URL handler for Delinea Secret Server.
blog.amberwolf.com/blog/2024/de...
Sorry folks, I had to remove the Disconnected GPO project from GitHub... but never fear, it has returned as Disconnected RSAT since it now supports the Certificate Authority and Certificate Templates snap-ins in addition to Group Policy support.
github.com/CCob/DRSAT
Merry CRTmas everyone poc.lol/crtmas/
01.12.2024 22:00 — 👍 11 🔁 2 💬 1 📌 1
Bug Bounty Tip
XSS Filter Bypass: mXSS
Cheers!
Is that a 257. IP address?
25.11.2024 20:51 — 👍 0 🔁 0 💬 0 📌 0
This hack is brilliant, APT28 hopping into a target environment over wifi by compromising neighbouring companies and finding a dual-homed host within range.
volexity.com/blog/2024/11...
And yet... they got caught doing this!
