Click Click Boom! Bombs Over Our Mind!

Abstract

We're researching zip bombs, and this talk mainly focuses on how we dealt with the problems and the adventures we had along the way.

Where we succeeded, we share our successful experiences. Where we did not, we share what we've learnt in the process.

Most important of all, this is all about having fun! :D

Description

During the zip bomb research work, we found several things we could contribute:

1. Write a zip bomb detection and protection package and push it to [PyPI](https://pypi.org/).
2. When we examined the CPython zipfile library, we became sure that it has no zip bomb detection or protection mechanism implemented, so we plan to start a discussion on [bugs.python.org](https://bugs.python.org/).
3. We have already submitted a CVE (Common Vulnerabilities and Exposures) to [mitre.org](https://cve.mitre.org/) and have already received the [CVE number](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674).
4. CPython zipfile library code tracing and [discussion on b.p.o](https://bugs.python.org/issue36260).
5. GitHub [PR](https://github.com/python/cpython/pull/13378) to enhance the Python documentation.

But!!! We don't quite focus on the technical issues; we're just challenging ourselves and trying to maximize our fun :D

Slides

https://docs.google.com/presentation/d/1qPCPRfHx3ZEoneWOxBUqUE-LswqmTo2J-Pb74NGPPeg/edit#slide=id.g5ac89a5966_0_6

Speakers

KunYu Chen

Security researcher, working at InfoSec Division, Telecom Technology Center.

Has fun by challenging difficulties.
Recently became heavily involved in the CPython workflow.

http://kunyu-chens-notes.rtfd.io/

Jun-Wei Song

CPython contributor who focuses on security, using Python to deal with real-world problems.

Security Researcher at Telecom Technology Center

Team Founder of TWBGC

https://krnick.rtfd.io/