

Auditing the Compression Algorithm Weapon Cache

Black Hat via YouTube

Overview

Explore the devastating potential of decompression bomb attacks in this Black Hat conference talk. Learn about the history, misconceptions, and various types of compression algorithm exploits, including zip bombs, image bombs, and HTTP bombs. Discover how to audit compression algorithms for vulnerabilities, understand the highest compression ratios, and identify the sloppiest parsers. Gain insights into creating a library of open-source tools for security researchers and developers to test application vulnerabilities. Examine real-world examples, including JPEG demos and browser crashes, and learn essential security measures such as limiting resources, request sizes, and compression ratios. Equip yourself with knowledge to guard against this often-overlooked but potentially catastrophic denial of service attack.

Syllabus

Introduction
Topics
About Me
What is a decompression bomb
JPEG demo
Preview crashes
History
Misconceptions
Silicon Valley
Zip Bomb
Zip Cache
Compression Ratio
Security 101
Image bombs
JPEG2000
Zopfli
PNG
Image Dimensions
Separate Workers
HTTP Bombs
Firefox
Brotli
crash
zip
compression chart
limiting resources
limiting request sizes
limiting compression ratio
testing
burp image extension
bombedcodes
discussion

Taught by

Black Hat
