It's a Bird! It's a Plane! It's...A Script?: Abusing Headers to Create Python/Bitmap Polyglots

Presented at CactusCon 11 (2023), Jan. 27, 2023, 5:30 p.m. (30 minutes).

How does a computer know what type of file it is trying to open? This talk explores the magic bytes in file headers that let your OS determine a file's type and how to open it, then goes one step further: writing a Python script that fools an OS (and most humans) into thinking it is a Bitmap image, all by abusing the magic-bytes header. We walk through how the Bitmap header works and how we can make Python ignore the image data when we want it to by exploiting a remnant of the Bitmap header that serves no real purpose, demonstrate it in action, and also show how you can store base64-encoded data as the image itself and use the image to transport your malware or other scripts you want to execute. We will discuss the security implications for bypassing detection and getting clever when trying to drop a malicious file onto a target for exploitation.
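The abstract above describes a file whose Bitmap header is valid while the rest of the file carries script text and base64 payload. The following is an added example, not code from the talk or its presenter, showing the defender-side triage check a reviewer would want: it parses the BITMAPFILEHEADER and the first fields of the BITMAPINFOHEADER, compares the declared file size and the computed end of the pixel array with the actual length, flags non-zero reserved fields, tests whether the whole file parses as Python source, and looks for long base64-alphabet runs in the pixel region. The `make_bmp` helper and the two sample files are constructed here for the demonstration; all function names are this example's own.

```python
import ast
import base64
import re
import struct
from dataclasses import dataclass, field

BMP_MAGIC = b"BM"
FILE_HEADER_LEN = 14  # BITMAPFILEHEADER is always 14 bytes
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")  # heuristic for embedded base64


@dataclass
class BmpReport:
    is_bmp: bool
    declared_size: int = 0
    actual_size: int = 0
    pixel_offset: int = 0
    width: int = 0
    height: int = 0
    bits_per_pixel: int = 0
    compression: int = 0
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def parse_bmp(data: bytes) -> BmpReport:
    """Parse the file header and the geometry fields of a BITMAPINFOHEADER."""
    if len(data) < FILE_HEADER_LEN or data[:2] != BMP_MAGIC:
        return BmpReport(is_bmp=False, actual_size=len(data))
    # magic(2) file_size(4) reserved1(2) reserved2(2) pixel_offset(4), little-endian
    declared_size, res1, res2, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    report = BmpReport(True, declared_size, len(data), pixel_offset)
    if res1 or res2:
        report.findings.append(f"reserved fields non-zero: {res1:#06x} {res2:#06x}")
    if len(data) >= FILE_HEADER_LEN + 4:
        dib_size = struct.unpack_from("<I", data, FILE_HEADER_LEN)[0]
        if dib_size >= 40 and len(data) >= FILE_HEADER_LEN + 20:
            # DIB: size(4) width(4,signed) height(4,signed) planes(2) bpp(2) compression(4)
            width, height, _planes, bpp, comp = struct.unpack_from("<iiHHI", data, FILE_HEADER_LEN + 4)
            report.width, report.height = width, height
            report.bits_per_pixel, report.compression = bpp, comp
    return report


def expected_pixel_end(report: BmpReport):
    """Offset just past the pixel array for an uncompressed bitmap, else None."""
    if report.compression != 0 or report.bits_per_pixel == 0 or report.width == 0:
        return None
    row_bytes = ((report.width * report.bits_per_pixel + 31) // 32) * 4  # rows are 4-byte padded
    return report.pixel_offset + row_bytes * abs(report.height)  # negative height = top-down


def looks_like_python(data: bytes) -> bool:
    """True if the entire file is accepted by the Python parser."""
    try:
        ast.parse(data.decode("utf-8", errors="replace"))
        return True
    except (SyntaxError, ValueError):  # null bytes raise either, depending on version
        return False


def analyse(data: bytes) -> BmpReport:
    report = parse_bmp(data)
    if not report.is_bmp:
        return report
    if report.declared_size != report.actual_size:
        report.findings.append(f"declared size {report.declared_size} != actual {report.actual_size}")
    end = expected_pixel_end(report)
    if end is not None and report.actual_size > end:
        report.findings.append(f"{report.actual_size - end} bytes after pixel array")
    if looks_like_python(data):
        report.findings.append("whole file parses as Python source")
    if B64_RUN.search(data[report.pixel_offset:]):
        report.findings.append("long base64-alphabet run in pixel data")
    return report


def make_bmp(width: int, height: int, pixels: bytes) -> bytes:
    """Build a minimal 24-bit BMP (constructed sample helper, not from the talk)."""
    row = ((width * 24 + 31) // 32) * 4
    assert len(pixels) == row * height
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    offset = FILE_HEADER_LEN + len(dib)
    return struct.pack("<2sIHHI", BMP_MAGIC, offset + len(pixels), 0, 0, offset) + dib + pixels


# Constructed samples: a clean 2x2 image, and the same image with text appended after the pixels.
CLEAN_BMP = make_bmp(2, 2, bytes(16))
TRAILING_BMP = CLEAN_BMP + b"\n# constructed trailing text\n" + base64.b64encode(bytes(range(48)))

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_BMP), ("trailing", TRAILING_BMP)):
        print(name, analyse(blob).findings)
```

The size and pixel-array checks are cheap and have no false positives on well-formed uncompressed bitmaps, so they are a reasonable first filter before any heavier content inspection; the Python-parse and base64 heuristics are there to tell a reviewer what kind of trailing data they are looking at.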

Presenters:

  • nuclearfarmboy - Sr. Security Engineer at Twitter, former Nuclear Engineer and goat farmer
    Cervando is currently a Sr. Security Engineer at Twitter working on Red Teaming and Adversary Emulation. His previous experiences include: Cyber Threat Intel at Amazon, Offensive Security Engineer at MITRE Corp., Red Team Operator with the DoD, Nuclear Weapon Dismantlement Research at VERTIC, and 10 years as a goat farmer. He collects master's degrees like they're Pokemon cards, likes to break into things for fun, and his catchphrase "I'm going to try something dumb here" strikes fear into the hearts of his parents.
