On 18th of April I will be presenting on the ZIP file format from a security point of view (which is one of my favorite topics) at the THI in Ingolstadt / Germany. The talk is free to attend, but requires registration as space is limited.
What: "Ten thousand security pitfalls: the ZIP file format"
When: 18 April 2018, 17:00 CEST (i.e. local time)
Where: Technische Hochschule Ingolstadt, Germany
WWW: More information and registration
I would like to thank Kevin and Prof. Dr.-Ing. Hans-Joachim Hof for the invitation.
See you at the THI!

Sections
- lang:
|
- RSS:
|
- About me
- Tools
- → YT YouTube (EN)
- → D Discord
- → M Mastodon
- → T Twitter
- → GH GitHub
Links / Blogs
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- No, CTRL+D in Linux terminal doesn't send EOF signal,
- New edu platform and 'Sanitization and Validation and Escaping, Oh My!' article,
- On hackers, hackers, and hilarious misunderstandings,
- Paged Out! #5 is out,
- CVEs of SSH talk this Thursday,
- Debug Log: Internet doesn't work (it was the PSU),
- FAQ: The tragedy of low-level exploitation,
- Solving Hx8 Teaser 2 highlight videos!,
- Gynvael on SECURITYbreak podcast,
- Paged Out! #4 is out,
- → see all posts on main page
// copyright © Gynvael Coldwind
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
Comments:
could you maybe upload the slides of your talk? At http://gynvael.coldwind.pl/?id=523 are only old slides.
Thanks!
PS: Was a really interesting talk. Never ever thought about all the possibilitys concerning ZIP.
BR
JJ
Thanks :)
You can find the slides here: http://gynvael.coldwind.pl/?lang=en&id=682 (I'll upload the scripts I used tomorrow).
Add a comment: