Some tools detect the EICAR file in Zip files by size and CRC so that it even detects it in password-protected zips without having the password.This can of course lead to accidental or intentional FPs.
-
Some tools detect the EICAR file in Zip files by size and CRC so that it even detects it in password-protected zips without having the password.
This can of course lead to accidental or intentional FPs. -
Some even detect a CRC-colliding file if there's no password.
-
@Ange ouch.
-
CRC-forging is also useful to collide arbitrary contents inside a ZIP archive. It makes possible re-usable and instant MD5 collisions for ZIP-based documents such as DOCX, XLSX, EPUB, XPS, 3MF.
https://speakerdeck.com/ange/inside-out-abusing-archive-file-formats
Copyright © 2024 NodeBB | Contributors