Abusing archive-based file formats
2022-07-05, 14:00–14:35 (Europe/Paris), Amphitheater

If a format structure isn't vulnerable, can that change once wrapped in an archive ?

File formats abuses depend on specific structure characteristics, which makes some file formats not vulnerable. It's however quite common to wrap some formats in specific archive formats.
Combining a format structure with an archive structure may change the outcome, making the result vulnerable by exploiting outside of the box.

See also: 🎥 video

See also: slides

Reverse engineer passionate for file formats.
Currently infosec engineer at Google.