

Episode 132: Archive Testing Methodology with Mathias Karlsson
10 snips Jul 24, 2025
Mathias Karlsson, a seasoned bug bounty hunter and the mind behind Archive Alchemist, joins in to discuss the complexities of archive-based vulnerabilities. He dives into the significance of Unicode paths, revealing how they can lead to security flaws. The conversation highlights automation in testing methodologies and the risks associated with symbolic link and path traversal attacks. Karlsson also shares insights on file handling intricacies, showcasing techniques for enhancing security assessments that are crucial for developers and researchers alike.
AI Snips
Automate Archive Manipulation
- Use Archive Alchemist commands like add, replace, and cat to modify ZIP and TAR files easily.
- Automate archive manipulations instead of remembering various CLI flags for different archive types.
Zip Unicode Path Differences
- Zip files can contain multiple file name encodings including a Unicode path with CRC validation.
- Different extractors like Windows Explorer and PowerShell handle Unicode path CRC differently, producing different extraction results.
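A defensive check for the Unicode path ambiguity described above, as an added example that is not from the episode or from Archive Alchemist: it walks a ZIP central directory, reads the Info-ZIP Unicode Path extra field (header ID 0x7075: version, NameCRC32 of the header file name, UTF-8 name) and reports entries where the two names disagree or the CRC does not match. The function names and the sample archive with harmless file names are constructed for illustration.

```python
import io, struct, zipfile, zlib

UNICODE_PATH = 0x7075  # Info-ZIP Unicode Path extra field header ID

def build_sample():
    """Constructed sample archive with harmless names (not from the episode)."""
    entries = [("plain.txt", None, True),          # no Unicode path field
               ("same.txt", "same.txt", True),     # field agrees with header
               ("notes.txt", "other.txt", True),   # names differ, CRC valid
               ("draft.txt", "final.txt", False)]  # names differ, CRC wrong
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, uname, crc_ok in entries:
            zi = zipfile.ZipInfo(name)
            if uname is not None:
                crc = zlib.crc32(name.encode()) ^ (0 if crc_ok else 0xFFFFFFFF)
                body = struct.pack("<BI", 1, crc) + uname.encode("utf-8")
                zi.extra = struct.pack("<HH", UNICODE_PATH, len(body)) + body
            zf.writestr(zi, b"x")
    return buf.getvalue()

def ambiguous_names(data):
    """Return (header_name, unicode_name, crc_ok) for entries whose two names
    disagree or whose NameCRC32 does not match the header name."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("end of central directory record not found")
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(count):
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("bad central directory entry")
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + nlen]
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        pos += 46 + nlen + xlen + clen
        i = 0
        while i + 4 <= len(extra):  # walk the extra-field records
            hid, size = struct.unpack_from("<HH", extra, i)
            body, i = extra[i + 4:i + 4 + size], i + 4 + size
            if hid != UNICODE_PATH or len(body) < 5:
                continue
            _version, crc = struct.unpack_from("<BI", body)
            crc_ok = crc == zlib.crc32(name)
            if body[5:] != name or not crc_ok:
                findings.append((name, body[5:], crc_ok))
    return findings

if __name__ == "__main__":
    for header, uni, ok in ambiguous_names(build_sample()):
        print(header, uni, "CRC ok" if ok else "CRC mismatch")
```

The byte-level comparison is deliberately conservative: a legitimate archive whose header name is stored in a legacy code page will also be reported, so treat a finding as a prompt to check which name the extractor in use will actually write.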
OS Fingerprint Using Filename Characters
- Use less-than (<) or greater-than (>) signs in filenames to infer whether the server uses Linux or Windows.
- Exploit OS-specific behavior to craft specialized payloads accordingly.