Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Ange (ange@mastodon.social)'s status on Wednesday, 18-Sep-2024 17:55:20 JST Ange

Some tools detect the EICAR file in Zip files by size and CRC so that it even detects it in password-protected zips without having the password.
This can of course lead to accidental or intentional FPs.

In conversation about 2 months ago from mastodon.social permalink
- Embed this notice
  Ange (ange@mastodon.social)'s status on Wednesday, 18-Sep-2024 17:55:19 JST Ange
  in reply to
  
  Some even detect a CRC-colliding file if there's no password.
  In conversation about 2 months ago permalink
  Attachments
  1. A terminal showing a ZIP containing a file with the same CRC and size of the EICAR file but with different content.
    https://files.mastodon.social/media_attachments/files/113/157/571/019/168/588/original/824bea2d4d4e9fa5.png
  2. That innocent ZIP is detected by 12 tools on VirusTotal.
    https://files.mastodon.social/media_attachments/files/113/157/576/859/868/109/original/5d1ad0266a70abf9.png
  Ryan Castellucci :nonbinary_flag: repeated this.
- Embed this notice
  Ange (ange@mastodon.social)'s status on Wednesday, 18-Sep-2024 17:55:19 JST Ange
  in reply to
  
  CRC-forging is also useful to collide arbitrary contents inside a ZIP archive. It makes possible re-usable and instant MD5 collisions for ZIP-based documents such as DOCX, XLSX, EPUB, XPS, 3MF.
  https://speakerdeck.com/ange/inside-out-abusing-archive-file-formats
  In conversation about 2 months ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: files.speakerdeck.com
    
    Inside out - abusing archive file formats
    
    from Ange Albertini
    
    If a format structure isn't vulnerable, can that change once wrapped in an archive? File formats abuses depend on specific structure characteristics,…

Public

Conversation

Notices

Feeds