[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How do you guys handle PNG/JPG binary files with potential payloads for all the image viewers?

(am I sending my emails right?? I selected "Reply All.")
>> how do you guys test all of the potential PNG/JPG potential malware payloads
>What's your use-case?

lol funny story.
I downloaded all of the github.com links ripped from the blackarch main page (~8GB worth of repositories)
ANYWAYS

I wanted to see the pictures...............start with the fun stuff first, right?

So I went: `find -type f -name '*.png' -o -name '*.jpg' -exec cp -f '{}' $SOME_DIR \;`

hehe then I was like OMG what am I doing when I saw a image name called:
Something like this:
Parser < 7.png
WHOA. my heart raced.
And I was like "I'm not ready for this."

So then I started imagining all of the stuff in those 1000+ PNG/JPG files that I want to view with ristretto image viewer.
.....and I was like: No way. No freakin' way.
I deleted all of the image files and then all of the cloned github.com repositories.
NOT worth viewing.
I don't care if `file myfile.png` says "PNG file"
lol

On Mon, Jun 20, 2022 at 4:11 PM Sebastian Rose <sebastian_rose@gmx.de> wrote:
Davide Prina <Davide.Prina@null.net> writes:
> Corey H wrote:
>
>> how do you guys test all of the potential PNG/JPG potential malware payloads

What's your use-case? As I'm not aware of an vector for GNU/Linux in
normal everyday use¹, I guess you host files for Windows clients?

Did anyone mention ClamAV already? If so, please ignore me (sorry for
not following closely...).


 - Sebastian


¹ One can execute every file on GNU/Linux. But the attack is that
execution of a file, not the file (otherwise we'd have to consider `rm',
`gpg', `scp', and many more malware, too).


--
As I was walking down Stanton Street early one Sunday morning, I saw a
chicken a few yards ahead of me.  I was walking faster than the chicken,
so I gradually caught up.  By the time we approached Eighteenth Avenue,
I was close behind.  The chicken turned south on Eighteenth.  At the
fourth house along, it turned in at the walk, hopped up the front steps,
and rapped sharply on the metal storm door with its beak. After a
moment, the door opened and the chicken went in.

                      (Linda Elegant in "True Tales of American Life")

Reply to: