Critical .zip vulnerabilities? - Zip Slip and ZipperDown
What is going on with .zip files. What is this new critical vulnerability that seems to affect everything? ... old is new again.
Resources:
- ZipperDown: https://zipperdown.org/
- Zip Slip: https://snyk.io/research/zip-slip-vulnerability
- Zip Specification: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
- The Complete Guide to Hacking WWIV: http://phrack.org/issues/34/5.html#article
- Go library Fix Bypass: https://github.com/mholt/archiver/pull/65#issuecomment-395988244
Gynvael:
- Hacking Livestream #53: The ZIP file format https://www.youtube.com/watch?v=X7j2sisMKzk
- Ten thousand security pitfalls: the ZIP file format http://gynvael.coldwind.pl/?id=682
- GynvaelEN Channel: https://www.youtube.com/GynvaelEN
- Twitter: https://twitter.com/gynvael
Ange Albertini / Corkami
- Funky Fileformats Talk: https://www.youtube.com/watch?v=hdCs6bPM4is
- Funky Fileformats Slides: https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2562/original/Funky_File_Formats.pdf
- Twitter: https://twitter.com/angealbertini / https://twitter.com/corkami
-=[ 🔴 Stuff I use ]=-
→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb
US Store Front:* https://www.amazon.com/shop/liveoverflow
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#CVE #SecurityResearch
Видео Critical .zip vulnerabilities? - Zip Slip and ZipperDown канала LiveOverflow
Resources:
- ZipperDown: https://zipperdown.org/
- Zip Slip: https://snyk.io/research/zip-slip-vulnerability
- Zip Specification: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
- The Complete Guide to Hacking WWIV: http://phrack.org/issues/34/5.html#article
- Go library Fix Bypass: https://github.com/mholt/archiver/pull/65#issuecomment-395988244
Gynvael:
- Hacking Livestream #53: The ZIP file format https://www.youtube.com/watch?v=X7j2sisMKzk
- Ten thousand security pitfalls: the ZIP file format http://gynvael.coldwind.pl/?id=682
- GynvaelEN Channel: https://www.youtube.com/GynvaelEN
- Twitter: https://twitter.com/gynvael
Ange Albertini / Corkami
- Funky Fileformats Talk: https://www.youtube.com/watch?v=hdCs6bPM4is
- Funky Fileformats Slides: https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2562/original/Funky_File_Formats.pdf
- Twitter: https://twitter.com/angealbertini / https://twitter.com/corkami
-=[ 🔴 Stuff I use ]=-
→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb
US Store Front:* https://www.amazon.com/shop/liveoverflow
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#CVE #SecurityResearch
Видео Critical .zip vulnerabilities? - Zip Slip and ZipperDown канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Solving a JavaScript crackme: JS SAFE 2.0 (web) - Google CTF 2018Buffer Overflow Attack - ComputerphileHardware Power Glitch Attack (Fault Injection) - rhme2 Fiesta (FI 100)What do Nintendo Switch and iOS 9.3 have in common? CVE-2016-4657 walk-throughMMORPG Bot Reverse Engineering and TrackingSome thoughts on Mobile App Security - is it FUD?Developing a TCP Network Proxy - Pwn Adventure 3Researching MissingNo Glitch in PokemonGlobal variable Buffer Overflow to leak memory - 34C3 CTF readme_revenge (pwn)Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)Custom Chromium Build to Reverse Engineer Pop-Under TrickAnalysing a Firefox Malware browserassist.dll - FLARE-On 2018DEF CON CTF 2018 FinalsBlind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017The Curse of Cross-Origin Stylesheets - Web Security ResearchThe Heap: what does malloc() do? - bin 0x14Reverse engineering obfuscated JavaScript - PopUnder Chrome 59Why MissingNo Multiplies Items!Dissecting Pokemon Red SavegameAnalyzing the Game Network Protocol - Pwn Adventure 3