This is a continuation from my previous post. The reasons why GIFARs, although in my case it was JPGAR (from JPG + JAR), work was explained to me by FX (Recurity Labs) after my talk during the last Black Hat in Amsterdam.
Basically, when you combine GIF/JPG and JAR/ZIP you have a hybrid file which have two heads. The head of GIF/JPG file is at the top. The head of the JAR/ZIP file is at the bottom. [...]
A lot of people have asked me (especially reporters) about the GIFAR attack since it resembles what I have already spoked about here and presented at the last Black Hat in Amsterdam. So, I decided to shed some light without being too revealing as the talk which will demonstrate and explain the attack in more details will give away the awesome stuff. This is my public statement:
So yes, the whole notion of combining JAR files with other types of files is not new. [...]
A special guest blogger for this month is Eduardo Vela, also known as sirdarckcat, a security researcher from Mexico. Eduardo has been on the field for a couple of years, mainly focusing on web-app based vulnerabilities, privilege escalation, and IDS/filter evasion. Today, he is a student of computer sciences, does some research on his free time, and works for an important website as a security engineer. [...]
