logo
episode-header-image
Jul 24
1h 49m

Episode 132: Archive Testing Methodology...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again..

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord!

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker - Patch Management

Today’s Guest: Mathias Karlsson

====== This Week in Bug Bounty ======

Swiss Post's 2025 Public Intrusion Test starts on July 28

Intigriti teams with NVIDIA

Bugcrowd Ingenuity Awards

Hack the Hacker Series - AI Vulnerabilities and Bug Bounties

A Novel Technique for SQL Injection in PDO’s Prepared Statements

How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance

====== Resources ======

Archive Alchemist

Hacking Livestream #53: The ZIP file format

====== Timestamps ======

(00:00:00) Introduction

(00:10:04) Archive Alchemist

(00:36:05) Unicode Extensions, normalization, and confusion attacks on Zip parsers

(00:48:44) Character Sets

(01:01:49) 7zip & File Names

(01:06:44) Path Traversal, Symlinks & Identifying Techniques

(01:36:05) Hardlinks and TAR

Up next
Aug 4
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego ... Show More
1h 53m
Jul 31
Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad
Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the evolution of Bug Bounty Village at DEFCON, and what they’ve got in store this year ... Show More
1h 16m
Jul 17
Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits
Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds LeakFollow u ... Show More
50m 36s
Recommended Episodes
Mar 2016
Episode 214: 214: Atrophic Cohost
Sean, Kyle, and a chorus of small frogs discuss the Game Developers Conference, eating alone, atrophic organs, Slack vs Basecamp, the cost of abstractions, and tips for adding new team members. Braintree: An easy way to accept multiple payment types with one integration. Quick, k ... Show More
1h 23m
Jul 13
295: Hacker Tourism
Wired 04.12, December 1996: https://archive.org/details/wired-magazine-04.12-1996-decemberShow notes with page numbers for everything we discuss: https://tinyurl.com/techpod-295-wired-dec-96 Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord ... Show More
1h 20m
Jan 2015
17: Somewhere on The Monorail
This week Jason and Myke discuss Apple's software quality issues and the difficulty in diagnosing problems from outside an organization, why Family Sharing is a problematic feature, and what's good and bad about CES. Plus, Jason listens to Hello Internet and Myke listens ... Show More
1h 41m
Jul 17
128. Rebecca Coriam: The Cruise Employee Who Vanished // DARK SUMMER VOL. 2
Head to https://www.tryfum.com/HEART and use promo code HEART to get your free gift with purchase and start the Good Habit today! In 2011, a 24 year old woman vanished from a Disney Cruise that was heading back to LA. And what at first seemed like an open and shut “man overboard” ... Show More
46m 19s
Oct 2024
Episode 526: Rails World with Robby Russell
Nick and I recorded an episode at Rails World with Robby Russell. This is a test of new format we're running where we discuss Rails News. Robby joins us to talk about the Rails Developer Survey that ran this summer. WE also chat about all the new things announced at Rails Wor ... Show More
31m 58s
Jul 2024
242: Skittles Exterior, M&Ms Interior
We're back with another hot month's worth of your questions to answer, this time addressing such wide-ranging subjects as easy ways to defeat Blu-ray region locks, tech tips for your fantasy new-home build, the sweet spot for solar panels paying for themselves, whether anyone act ... Show More
1h 12m
Dec 2019
272: ‘The Save Twitch’ With Rich Siegel
For your holiday listening enjoyment, very special guest Rich Siegel joins the show to talk about BBEdit’s past, present, and future, the state of developing for the Mac, and more. Sponsored by: Eero: Wi-Fi done right. Get free overnight shipping with promo code thetalkshow. Squa ... Show More
1h 59m
Dec 2024
The Spirit of Open Source in a Modern .NET World with Scott Harden
RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed ex ... Show More
1h 22m
Oct 2021
252: Chris Pratt is So Cool
Four close man friends gather around so let's a go. This is the Official Podcast. Every Thursday. At 7pm EST. Links Below. --- Brought to you by the following sponsors: GET THE APP THAT MAKES INVESTING IN CRYPTO EASY: go to https://www.KRAKEN.com/OFFICIAL GET 10% OFF YOUR ORDER O ... Show More
1h 18m
Aug 2024
249: Good Enough Is Good Enough
The Qs that we attempt to A in this month's question-fest include: What are some less obvious benefits of portable apps? How trustworthy is a package manager? Is a Windows Pro license really worth it? What's your microwave technique for even, efficient heating? How do you stop an ... Show More
1h 15m
Listen to millions of songs and podcasts on Anghami