Interesting infection chain using polyglots: https://www.proofpoint.com/us/blog/threat-insight/call-it-what-you-want-threat-actor-delivers-highly-targeted-multistage-polyglot
6.3.2025 08:01
@nicolasvivant Funny, your avatar :)
27.2.2025 09:01
Any requests or questions on PDF manipulations? (Or another format)
22.2.2025 22:20
ICYDK restrictions in PDF (copy pasting, printing…) are linked to encryption, which often uses an empty user password: no password prompt, but the file is still encrypted.
So just decrypting the file (via qpdf, pdftk, print to PDF,…) removes these restrictions.
The livestream on PDF file structure is up.
Following the PDF basics livestream, it covers all kinds of PDF structures that you can see in the wild and how to convert them to a classic and accessible form.
https://www.youtube.com/live/9XNdTAPUI68?si=8uZMetcHFdf0R6t9
Today, the follow-up from PDF basics:
What you need to know to edit any PDF.
https://www.youtube.com/live/9XNdTAPUI68?si=qYmcv7x5OqyjGYaV
I just pushed an update to logparse to detect the near-collision blocks (w/ no difference) of TextColl.
Thanks Marc!
https://github.com/corkami/collisions
The livestream on hashcolls mitigations is up.
Covering the hashcoll tag in VT, specific file format structures, defanging files, Stevens' DetectColl, safe hashes...
https://www.youtube.com/live/1D6C6z_25cE?si=GmDi17uII1xj7rUi&t=33
I certainly hope so!
What would I look like if all I had left were normal files?!
The next livestream will be on mitigating hash collisions: preventing them at format design, filtering them out or detecting them.
https://www.youtube.com/live/A7EBbGv1B3U?si=G0zp4eRd0agKSzxY
The livestream on multi-hashcolls is up!
Awesome that David joined and commented on his own hashquines!
https://www.youtube.com/live/-asJnf-S2Nk?si=DCACWGTQyFVOmN1a
In 15 minutes…
https://www.youtube.com/live/-asJnf-S2Nk?si=KJxdHBTwl5nZmMSj
The livestream on crypto-polyglots is up!
https://www.youtube.com/live/RP5PVRUs6L8?si=udjoa6O0MSyq6w9D
In my next livestream, I’ll hexplore crypto-polyglots:
- files that remain valid after encryption.
- contents that decrypt to different valid content via different keys, with authenticated decryption.
https://www.youtube.com/live/RP5PVRUs6L8?si=cEFkVUC1AeTGri7k
More advanced hash collisions: Shattered++, Lossless jpegs, jpeg as data & image, .tar.gz and Zip+XML (instant Office document collisions).
https://www.youtube.com/live/fCNx2cO0Q98?si=G6ZwfacDO5utxSgu
In the next livestream tonight, we’ll hexplore more advanced hash collision tricks.
https://www.youtube.com/live/fCNx2cO0Q98?si=xln4a4n_5BJ9wR5c
We hexplored the basics of hash collisions and how they can be exploited, exploiting MD5 with Png, Gif, mp4 or Jpg, and also Pdf with SHA1 of course!
https://www.youtube.com/live/wv8aiqWE3Iw?si=XA0yX9Cgr__B71B3
In the next livestream, we’ll extend file format tricks to cryptography and abuse hash collisions:
https://www.youtube.com/live/wv8aiqWE3Iw?si=WZrtj_4h90oh-gOM
...and our paper on authenticated encryption that has a section on abusing file formats.
https://eprint.iacr.org/2020/1456
Today, we’ll explore weird files in general (no crypto polyglots or hash collisions, only parasites, mock & polyglots), and how to generate them with Mitra.
https://speakerdeck.com/ange/generating-weird-files-c691cdd5-ea89-4322-839a-29402da0f859
https://github.com/corkami/mitra
2.2.2025 07:22