Click Click Boom! Bombs Over Our Mind!

Abstract

We’re doing research about zip bomb and this talk mainly focuses on how we deal with problem and the adventures we had.

We share the successful experiences if we made it. Instead we share what we’ve learnt from the progress.

Most important of all, this is all about having fun! :D

Description

During the zip bomb research work, we found out there are things we can contribute. 1. Write a zip bomb detection and protection package and push it to [pypi](https://pypi.org/) 2. When we examined the cpython zipfile library, we're sure that they don't have zip bomb detection or protection mechanism implemented. So we plan to start a discussion on [bugs.python.org](https://bugs.python.org/). 3. We already submit a CVE (Common Vulnerabilities and Exposures) to [mitre.org](https://cve.mitre.org/). And already get the [cve number](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674). 4. Cpython zipfile library code tracing and [discussion on b.p.o](https://bugs.python.org/issue36260) 5. Github [PR](https://github.com/python/cpython/pull/13378) to enhance python documentation But!!! We don't quite focus on the technical issues, we're just challenging ourselves and try to maximize our fun :D

Slides

https://docs.google.com/presentation/d/1qPCPRfHx3ZEoneWOxBUqUE-LswqmTo2J-Pb74NGPPeg/edit#slide=id.g5ac89a5966_0_6

Speakers

KunYu Chen

Security researcher, working at InfoSec Division, Telecom Technology Center.

Have fun through challenging difficulties.
Recently get heavily involved in cpython work-flow.

http://kunyu-chens-notes.rtfd.io/

JunWei Song

JunWei is a Security Researcher from Taiwan. A paranoid Pythonista who focuses on cybersecurity, reverse engineering, and malware analysis. And as a CPython contributor, PyCon Taiwan Program Committee, presented at HITB Armory, Europython, PyCon Taiwan, PyCon Korea, PyCon Malaysia. He’s the co-founder of Quark-Engine and a security research group, TWBGC.