Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Binary art - funky PoCs & visual docs

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Ange Albertini Ange Albertini
March 21, 2014
Technology
260
1

Binary art - funky PoCs & visual docs

Avatar for Ange Albertini

Ange Albertini

March 21, 2014

More Decks by Ange Albertini

See All by Ange Albertini
Fearsome File Formats
Avatar for Ange Albertini ange
0
1k
Overview of file type identifiers
Avatar for Ange Albertini ange
0
1.4k
A question of time
Avatar for Ange Albertini ange
0
1.2k
SBuD: InfoVis in InfoSec
Avatar for Ange Albertini ange
1
950
Generating Weird Files
Avatar for Ange Albertini ange
0
470
Technical challenges with file formats
Avatar for Ange Albertini ange
1
2.3k
Inside out - abusing archive file formats
Avatar for Ange Albertini ange
3
2k
Relations between archive formats
Avatar for Ange Albertini ange
0
2.4k
Beyond your studies v2
Avatar for Ange Albertini ange
2
1.1k

Other Decks in Technology

See All in Technology
Databricksを用いたセキュアなデータ基盤構築とAIプロダクトへの応用.pdf
Avatar for PKSHA Technology(パークシャテクノロジー) pkshadeck
PRO
0
240
2026年度新卒技術研修 サイバーエージェントのデータベース 活用事例とパフォーマンス調査入門
Avatar for CyberAgent cyberagentdevelopers
PRO
6
7.1k
バックオフィスPJのPjMをコーポレートITが担うとうまくいく3つの理由
Avatar for chama yueda256
1
300
Babylon.js Japan Activities (2026/4)
Avatar for Limes2018 limes2018
0
200
AIを活用したアクセシビリティ改善フロー
Avatar for 出口 裕貴 degudegu2510
1
160
ログ基盤・プラグイン・ダッシュボード、全部整えた。でも最後は人だった。
Avatar for Masaki Kubota makikub
5
1.3k
40代からのアウトプット ― 経験は価値ある学びに変わる / 20260404 Naoki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
5
920
インフラを Excel 管理していた組織が 3 ヶ月で IaC 化されるまで
Avatar for ギークプラス ソフトウェア事業部 geekplus_tech
3
170
AIドリブン開発の実践知 ― AI-DLC Unicorn Gym実施から見えた可能性と課題
Avatar for MIXI ENGINEERS mixi_engineers
PRO
0
120
AgentCore RuntimeからS3 Filesをマウントしてみる
Avatar for Har1101 har1101
3
390
LLM とプロンプトエンジニアリング/チューターを定義する / LLMs and Prompt Engineering, and Defining Tutors
Avatar for Kenji Saito ks91
PRO
0
320
さくらのクラウドでつくるCloudNative Daysのオブザーバビリティ基盤
Avatar for Taisuke Okamoto a.k.a BigBaBy b1gb4by
0
140

Featured

See All Featured
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
3
3.3k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
More Than Pixels: Becoming A User Experience Designer
Avatar for Michelle Schulp Hunt marktimemedia
3
370
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
54k
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
3k
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
200
Leadership Guide Workshop - DevTernity 2021
Avatar for David Neal reverentgeek
1
260
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
2
2k
Between Models and Reality
Avatar for mayunak mayunak
3
260
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
85
9.4k
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon Słowik szymonslowik
1
270
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
Avatar for Ryan Jones ryanjones
0
110

Transcript

  1. Insomni’hack Geneva, Switzerland Ange Albertini 2014/03/21 funky PoCs & visual

    docs

  2. http:// corkami.com reverse engineering & visual documentations

  3. boring? • file formats were supposed to be safe ◦

    public specs ◦ open-source parsers • {weirdness} == {exploits} ? • software = parse, sanitize, recover

  4. formats’ diversity 1/2 no header • COM (1982), MBR (1982)

    magic signature • none: DOL (2001) • 2: TIFF, PE • 4: most standard • >4: PNG, PDF

  5. start offset: • archives • range: PDF • mostly 0

    special properties • deprecated header: PE • variable scanning direction: PDF • multi-versions: BMP • scanned chunk: JPEG • no official names: ZIP formats’ diversity 2/2
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None

  13. quine (relay)

  14. None

  15. polyglot

  16. None
  17. None
  18. None
  19. None
  20. None

  21. schizophren

  22. None

  23. misc

  24. None

  25. 128, 217, 255, 217, 128, 38, 1, 38

  26. None
  27. None
  28. None

  29. crypto-tology: for anything crypto, ask @veorq (coz he’s awesome)

  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None

  41. conclusion on binary formats

  42. On binary formats • specs far from perfect • plenty

    of fun • many consequences for infosec ◦ unforeseen attack channels
  43. None

  44. on visual docs http://pics.corkami.com http://prints.corkami.com

  45. disclaimer no awards, no studies

  46. None
  47. None
  48. None
  49. None

  50. goal create useful documentations based on reality

  51. posters self-contained • immediate ‘big picture’ • no roleplay gamebook

  52. use common sense and your own eyes

  53. None

  54. creativity? give yourself time! to fail!

  55. None
  56. None
  57. None
  58. None
  59. None

  60. define your audience lower and upper limits

  61. “you should add …” see “setting a upper limit”

  62. “too simple/simplified”? 1/ teach others, beginners, kids 2/ no more

    excuses for not knowing

  63. remove the obvious guessing doesn’t hurt

  64. None

  65. space optimal separator

  66. left right

  67. left right

  68. left right

  69. None
  70. None

  71. no unnecessary extras leave doors closed (to be opened somewhere

    else)

  72. requirements

  73. a computer a transparent tablecloth

  74. None

  75. http://src.corkami.com

  76. @jaredcatkinson’s prefetch101

  77. conclusion on visual docs

  78. On visual documentations • it doesn’t hurt • it’s not

    so hard • requires time

  79. Questions ? thank YOU ! @angealbertini ✉ [email protected]