10-18, 15:00–15:30 (Europe/Luxembourg), Salle Europe
Many file formats (like MP3) were designed around a great idea but a very bad format, leading to many hurdles, headaches and mistakes.
This talk will introducing the typical mistakes when conceiving a file format, and during its evolution.
Having dissected hundreds of file formats and come up with many different kinds of abuses, whether they are design-based (polyglots, hash collision...) or parser-based (insert your typical fuzzing crash here), the author is familiar with looking at the typical mistakes when exploring specifications, designing a format, or assessing the security of a parser.
Ange is mostly known for his weird files: extreme, ambiguous, polyglots, hash collisions...
Reverse engineer since the 80s, malware analyst professionally since 2005,
he is currently an infosec engineer in the Mandiant Flare team at Google.