2022-07-05, 14:00–14:35 (Europe/Paris), Amphitheater
If a format structure isn't vulnerable, can that change once wrapped in an archive ?
File formats abuses depend on specific structure characteristics, which makes some file formats not vulnerable. It's however quite common to wrap some formats in specific archive formats.
Combining a format structure with an archive structure may change the outcome, making the result vulnerable by exploiting outside of the box.
See also: 🎥 video
Reverse engineer passionate for file formats.
Currently infosec engineer at Google.