-
Notifications
You must be signed in to change notification settings - Fork 103
/
talks.htm
241 lines (238 loc) · 28.2 KB
/
talks.htm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>talks</title>
<style type="text/css">
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<h1 id="talks-keynotes-tutorials-workshops-articles-podcasts">Talks, keynotes, tutorials, workshops, articles, podcasts...</h1>
<p>Faster alone, further together.</p>
<p><a href="https://www.youtube.com/playlist?list=PL2-EpKoPE60Uyi5X6NMeiROVi8hm33sW3">Chronological Youtube playlist</a><br/> <a href="https://speakerdeck.com/ange">SpeakerDesk</a></p>
<h1 id="contents">Contents</h1>
<ul>
<li><a href="#contents">Contents</a></li>
<li><a href="#brainteasers">Brainteasers</a></li>
<li><a href="#for-kids">For kids</a></li>
<li><a href="#tools-assisted-speedruns">Tools-assisted speedruns</a></li>
<li><a href="#arcade-games-preservation-via-hacking">Arcade games preservation (via hacking)</a></li>
<li><a href="#drawing">Drawing</a></li>
<li><a href="#keynotes">Keynotes</a></li>
<li><a href="#file-formats">File formats</a>
<ul>
<li><a href="#portable-document-format">Portable Document Format</a></li>
<li><a href="#portable-executable">Portable Executable</a></li>
<li><a href="#with-cryptography">with cryptography</a>
<ul>
<li><a href="#angecryption">AngeCryption</a></li>
<li><a href="#hash-collisions">Hash collisions</a></li>
<li><a href="#timecryption">TimeCryption</a></li>
</ul></li>
<li><a href="#digital-preservation">Digital preservation</a></li>
<li><a href="#visualisation--dissection">Visualisation & dissection</a></li>
</ul></li>
<li><a href="#academic-papers">Academic papers</a></li>
<li><a href="#articles">Articles</a>
<ul>
<li><a href="#notable-appearances">Notable appearances</a></li>
<li><a href="#poc-or-gtfo">PoC or GTFO</a></li>
</ul></li>
</ul>
<h1 id="brainteasers">Brainteasers</h1>
<p><a href="slides/1301-AChallengeInYourPocket-AnIntroductionToBrainteasers.pdf"><img width=100 src=slides/1301-AChallengeInYourPocket-AnIntroductionToBrainteasers.png /></a></p>
<p><strong>A challenge in your pocket: an introduction to brainteasers</strong> HackPra 2013 <a href="https://speakerdeck.com/ange/a-challenge-in-your-pocket-an-introduction-to-brainteasers">slides</a> / <a href="http://www.youtube.com/watch?v=hg7A7YIEWbU">video</a></p>
<h1 id="for-kids">For kids</h1>
<p><a href="slides/1510-HacksInVideoGames.pdf"><img width=100 src=slides/1510-HacksInVideoGames.png /></a></p>
<p><strong>How people can create better video games</strong> Hack.lu 2015 <a href="https://speakerdeck.com/ange/hacks-in-video-games">slides</a> <br/>Hacking: spend time to understand how things really work (and get awesome results)</p>
<h1 id="tools-assisted-speedruns">Tools-assisted speedruns</h1>
<p><a href="slides/1608-TASbotThePerfectionist.pdf"><img width=100 src=slides/1608-TASbotThePerfectionist.png /></a></p>
<p><strong>TASBot - the perfectionist</strong> 2016 DEF CON <br/>w/ <a href="https://twitter.com/mrtasbot">dwangoAC</a>, <a href="https://speakerdeck.com/ange/tasbot-the-perfectionist">slides</a> / <a href="https://www.youtube.com/watch?v=2kj5ZmoTckI">video</a></p>
<h1 id="arcade-games-preservation-via-hacking">Arcade games preservation (via hacking)</h1>
<p><a href="slides/1412-PreservingArcadeGames.pdf"><img width=100 src=slides/1412-PreservingArcadeGames.png /></a></p>
<p><strong>Preserving arcade games</strong> Exceptional games, exceptional security, exceptional hacking</br> <a href="https://speakerdeck.com/ange/preserving-arcade-games-31c3">slides</a> / <a href="https://archive.org/details/arcade31c3">live animated prezo (1Gb)</a> / <a href="https://www.youtube.com/watch?v=vg7LPcFUxg8">video</a> / <a href="https://www.youtube.com/watch?v=d2X0YyxHg5Q">video (fr)</a></p>
<!--
[REcon 2013](https://www.youtube.com/watch?v=R9iQGTOco0M)
[<img width=100 src=slides/1306-JustKeepTrying.png />](slides/1306-JustKeepTrying.pdf)
[<img width=100 src=slides/1411-PreservingArcadeGames.png />](slides/1411-PreservingArcadeGames.pdf)
-->
<ul>
<li>2013: Recon, T2</li>
<li>2014: Nuit du Hack, RaumZeitLabor , CCC</li>
<li>2015: HackPra All Stars</li>
</ul>
<h1 id="drawing">Drawing</h1>
<p><a href="slides/1702-anIntroductionToInkscape.pdf"><img width=100 src=slides/1702-anIntroductionToInkscape.png /></a></p>
<p><strong>an introduction to Inkscape</strong> 2017 (workshop) DEFCON Zürich <a href="https://speakerdeck.com/ange/an-introduction-to-inkscape">slides</a></p>
<h1 id="keynotes">Keynotes</h1>
<p><a href="slides/1306-OnHacking&Security.pdf"><img width=100 src=slides/1306-OnHacking&Security.png ></a><!-- [<img width=100 src=slides/1807-BeyondYourStudies.png />](slides/1807-BeyondYourStudies.pdf)--> <a href="slides/2112-BeyondYourStudiesV2.pdf"><img width=100 src=slides/2112-BeyondYourStudiesV2.png /></a> <a href="slides/1710-Infosec&Failures.pdf"><img width=100 src=slides/1710-Infosec&Failures.png /></a> <a href="slides/1607-ConnectingCommunities.pdf"><img width=100 src=slides/1607-ConnectingCommunities.png /></a> <a href="slides/1810-Education&Communication.pdf"><img width=100 src=slides/1810-Education&Communication.png /></a> <a href="slides/2105-YouAreNotAnIdiot.pdf"><img width=100 src=slides/2105-YouAreNotAnIdiot.png /></a></p>
<p><strong>Beyond your studies</strong> HackPra 2018, ESIEA 2019, University of Warwick 2021 <a href="https://speakerdeck.com/ange/beyond-your-studies-v2">slides</a> / <a href="https://www.youtube.com/watch?v=a0V7bAzw5sE">video</a><!-- / [video v1](https://www.youtube.com/watch?v=Prgv9pNvy24) --> <br/>about your future - as a student or young professional.</p>
<p><strong>Infosec & Failures</strong> Hack.lu 2017 <a href="https://speakerdeck.com/ange/infosec-and-failures">slides</a> / <a href="https://www.youtube.com/watch?v=erZ2JlfTtcE">video</a> <br/>about you.</p>
<p><strong>Connecting Communities</strong> RMLLSec 2016 <a href="https://speakerdeck.com/ange/connecting-communities">slides</a> / <a href="https://www.youtube.com/watch?v=6DsJI1rcOZk">video</a> <br/>about connecting with your peers.</p>
<p><strong>Education & Communication</strong> Hack.lu 2018 <a href="https://speakerdeck.com/ange/education-and-communication">slides</a> / <a href="https://www.youtube.com/watch?v=Y_BBQlR-SUo">video</a> <br/>about your surroundings.</p>
<p><strong>You are <em>not</em> an idiot</strong> NorthSec 2021 <a href="https://speakerdeck.com/ange/you-are-not-an-idiot">slides</a> / <a href="https://www.youtube.com/watch?v=Iu70J49bPlE&t=20869s">video</a> <br/>about things you could get wrong in general.</p>
<h1 id="file-formats">File formats</h1>
<p><a href="slides/1306-PolyglottesBinairesEtImplications.pdf"><img width=100 src=slides/1306-PolyglottesBinairesEtImplications.png /></a> <a href="slides/1309-MessingWithBinaryFormats.pdf"><img width=100 src=slides/1309-MessingWithBinaryFormats.png /></a> <a href="slides/1406-SchizophrenicFiles.pdf"><img width=100 src=slides/1406-SchizophrenicFiles.png /></a> <a href="slides/1409-SchizophrenicFiles.pdf"><img width=100 src=slides/1409-SchizophrenicFiles.png /></a> <a href="slides/1412-FunkyFileFormats.pdf"><img width=100 src=slides/1412-FunkyFileFormats.png /></a> <a href="slides/1510-TrustingFilesAndTheirFormats.pdf"><img width=100 src=slides/1510-TrustingFilesAndTheirFormats.png /></a> <a href="slides/1603-CaringForFileFormats.pdf"><img width=100 src=slides/1603-CaringForFileFormats.png /></a> <img width=100 src=slides/1712-BinaryStuff.jpg /> <a href="slides/2107-GeneratingWeirdFiles.pdf"><img width=100 src=slides/2107-GeneratingWeirdFiles.png /></a> <img width=100 src=slides/2108-TalkingFileFormats.jpg /></p>
<p><strong>Messing with binary formats</strong> 2013 44Con, SSTIC <a href="https://speakerdeck.com/ange/messing-with-binary-formats">slides</a> / <a href="https://vimeo.com/channels/44con2013/109380801">video</a></p>
<p><strong>Schizophrenic files</strong> 2014 Area41, MRMCD <a href="https://speakerdeck.com/ange/schizophrenic-files">slides</a> / <a href="https://www.youtube.com/watch?v=9Hm0obaDC58">video</a> <br/>w/ <a href="https://twitter.com/gynvael">Gynvael Coldwind</a></p>
<p><strong>Funky file formats</strong> CCC 2014 <a href="https://speakerdeck.com/ange/funky-file-formats-31c3">slides</a> / <a href="https://www.youtube.com/watch?v=hdCs6bPM4is">video</a> /</p>
<p><strong>Funky file formats</strong> NoLimitSecu, March 2015 <a href="https://www.nolimitsecu.fr/ange-albertini-funky-file-formats/">[podcast] (fr)</a></p>
<p><strong>Trusting files (and their formats)</strong> Hack.lu 2015 <a href="https://speakerdeck.com/ange/trusting-files">slides</a></p>
<p><strong>Caring for file formats</strong> Troopers 2016 <a href="https://speakerdeck.com/ange/caring-for-file-formats">slides</a> / <a href="https://www.youtube.com/watch?v=mqioXYpyYhM">video</a></p>
<p><strong>Binary stuff</strong> Gynvael ColdWind livestream, 13 Dec. 2017 <a href="https://www.youtube.com/watch?v=-dyLxsr_f_w?t=862s">video</a></p>
<p><strong>Formats de fichiers: structures et conséquences</strong> ESIEA, November 2019 <a href="https://gtsslr19.sciencesconf.org/">Groupe de Travail "Sécurité des Systèmes, des Logiciels et des Réseaux"</a>, <a href="https://speakerdeck.com/ange/formats-de-fichiers-decisions-et-consequences">slides</a></p>
<p><strong>Generating weird files - an introduction to Mitra</strong> Pass the Salt 2021 <a href="https://speakerdeck.com/ange/generating-weird-files">slides</a> / <a href="https://www.youtube.com/watch?v=96FiTaAiUk8&t=7877s">video</a> <br/>polymocks, polyglots, near polyglots</p>
<p><strong>Talking about file formats</strong> LiveOverFlow livestream, 26th Aug. 2021 <a href="https://www.youtube.com/watch?v=CB_WIjxq1To">YouTube</a> / <a href="https://www.twitch.tv/videos/1130169550">Twitch</a></p>
<h2 id="portable-document-format">Portable Document Format</h2>
<p><a href="slides/1405-PDFsecrets.pdf"><img width=100 src=slides/1405-PDFsecrets.png /></a> <a href="slides/1409-PDFsecrets.pdf"><img width=100 src=slides/1409-PDFsecrets.png /></a> <a href="slides/1503-AdvancedPDFTricks.pdf"><img width=100 src=slides/1503-AdvancedPDFTricks.png /></a> <a href="slides/1504-AnOverviewOfPDFpotentialLeaks.pdf"><img width=100 src=slides/1504-AnOverviewOfPDFpotentialLeaks.png /></a> <a href="slides/1507-LetsWriteAPDFFile.pdf"><img width=100 src="slides/1507-LetsWriteAPDFFile.png" /></a></p>
<p><strong>PDF secrets</strong> 2014, RaumZeitLabor, MRMCD <a href="https://speakerdeck.com/ange/pdf-secrets-v2">slides</a> / <a href="https://media.ccc.de/v/MRMCD2014_-_6007_-_en_-_grossbaustelle_ber_-_201409051830_-_pdf_101_pdf_secrets_-_ange_albertini">video</a></p>
<p><strong>an overview of PDF potential leaks</strong> 2015 <a href="https://speakerdeck.com/ange/an-overview-of-pdf-potential-leaks">slides</a></p>
<p><strong>Advanced PDF tricks</strong> (workshop) Troopers 2015 <a href="https://speakerdeck.com/ange/advanced-pdf-tricks">slides</a> / <a href="https://www.youtube.com/watch?v=k9g9jZdjRcE">video</a> <br/>w/ <a href="https://twitter.com/pdfkungfoo">Kurt Pfeifle</a></p>
<p><strong>Let's write a PDF file</strong> (tutorial) 2017 <a href="https://speakerdeck.com/ange/lets-write-a-pdf-file">slides</a></p>
<h2 id="portable-executable">Portable Executable</h2>
<p><a href="slides/1110-SuchAweirdProcessor.pdf"><img width=100 src=slides/1110-SuchAweirdProcessor.png /></a> <a href="slides/1112-x86&PE.pdf"><img width=100 src=slides/1112-x86&PE.png /></a> <a href="slides/1206-ABitMoreOfPE.pdf"><img width=100 src=slides/1206-ABitMoreOfPE.png /></a> <a href="slides/1211-BinaryArtByteingThePEthatFailsYou.pdf"><img width=100 src=slides/1211-BinaryArtByteingThePEthatFailsYou.png /></a> <a href="slides/1309-ExploringThePortableExecutableFormat.pdf"><img width=100 src=slides/1309-ExploringThePortableExecutableFormat.png /></a></p>
<p><strong>x86 & PE</strong> 2011, HashDays, BerlinSides <a href="https://speakerdeck.com/ange/x86-and-p">slides</a> / <a href="https://www.youtube.com/watch?v=MJvsshovITE">video</a></p>
<p><strong>a bit more of PE</strong> Hack in Paris 2012 <a href="https://speakerdeck.com/ange/a-bit-more-of-pe">slides</a> / <a href="https://www.youtube.com/watch?v=3duSgr5b1yc">video</a></p>
<p><strong>Binary art: Byte-ing the PE that fails you</strong> Hashdays 2012 <a href="https://speakerdeck.com/ange/byte-ing-the-pe-that-fails-you">slides</a> / <a href="https://www.youtube.com/watch?v=kibEcaG0zCk">video</a></p>
<p><strong>Exploring the PE format</strong> (workshop) 44con 2013 <a href="https://speakerdeck.com/ange/workshop-exploring-the-portable-executable-format">slides</a></p>
<h2 id="with-cryptography">with cryptography</h2>
<p><a href="slides/1405-WhenAES(☢)=☠.pdf"><img width=100 src='slides/1405-WhenAES(☢)=☠.png' /></a> <a href="slides/1406-JoueàLaCrypto.pdf"><img width=100 src='slides/1406-JoueàLaCrypto.png' /></a> <a href="slides/1407-LetsPlayWithCrypto.pdf"><img width=100 src=slides/1407-LetsPlayWithCrypto.png /></a> <a href="slides/1409-LetsPlayWithCrypto.pdf"><img width=100 src=slides/1409-LetsPlayWithCrypto.png /></a> <a href="slides/1410-HideAndroidApplicationsInImages.pdf"><img width=100 src=slides/1410-HideAndroidApplicationsInImages.png /></a></p>
<h3 id="angecryption">AngeCryption</h3>
<p><strong>when AES(☢) = ☠</strong>, May 2014 <a href="https://speakerdeck.com/ange/when-aes-equals-episode-v">slides</a> / <a href="http://www.youtube.com/watch?v=wbHkVZfCNuE">video</a></p>
<p><strong>Let's play with crypto</strong> June 2014 RaumZeitLabor, RMLL, MRMCD <a href="https://speakerdeck.com/ange/lets-play-with-crypto">slides (en)</a> / <a href="https://speakerdeck.com/ange/joue-a-la-crypto-french">slides (fr)</a> / <a href="https://www.youtube.com/watch?v=iIesDpv9F4s">video (fr)</a> / <a href="https://media.ccc.de/v/MRMCD2014_-_6006_-_en_-_grossbaustelle_ber_-_201409052030_-_let_s_play_with_crypto_-_ange_albertini">video</a><br/> <em>AngeCryption</em> / <em>TrueCrypt</em> / <em>polyglots</em></p>
<p><strong>Hide Android Applications in Images</strong> BlackHat Europe 2014, <a href="https://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images.pdf">slides</a> / <a href="https://www.youtube.com/watch?v=hajOlvLhYJY">video</a> <br/>w/ <a href="https://twitter.com/cryptax">Axelle Apvrille</a></p>
<h3 id="hash-collisions">Hash collisions</h3>
<p><a href="slides/1408-SHA1backdooring&Exploitation.pdf"><img width=100 src=slides/1408-SHA1backdooring&Exploitation.png /></a> <a href="slides/1711-ExploitingHashCollisions.pdf"><img width=100 src=slides/1711-ExploitingHashCollisions.png /></a> <a href="slides/1907-KILL_MD5.pdf"><img width=100 src=slides/1907-KILL_MD5.png /></a> <a href="slides/1912-CollTris.pdf"><img width=100 src=slides/1907-CollTris.png /></a> <a href="slides/2207-InsideOut.pdf"><img width=100 src=slides/2207-InsideOut.png /></a></p>
<p><strong>SHA-1 backdooring and exploitation</strong>, BSidesLV 2014 <a href="https://speakerdeck.com/ange/sha-1-backdooring-and-exploitation">slides</a> / <a href="https://www.youtube.com/watch?v=GHY3dv42dz4">video</a> <br/>w/ <a href="https://twitter.com/MariaEichlseder">Maria Eichlseder</a>, Florian Mendel, Martin Schäffler, <a href="https://twitter.com/veorq">Jean-Philippe Aumasson</a> <br/>MalSHA1 collisions</p>
<p><strong>Exploiting hash collisions</strong> w/ <a href="https://twitter.com/realhashbreaker">Marc Stevens</a>, BlackAlps 2017 <a href="https://speakerdeck.com/ange/exploiting-hash-collisions">slides</a> / <a href="https://www.youtube.com/watch?v=Y-oJWEYKVLA">video</a> <br/>MalSHA1, Shattered, MD5 collisions & hashquines</p>
<p><strong>KILL MD5 - Demystifying hash collisions</strong> w/ <a href="https://twitter.com/realhashbreaker">Marc Stevens</a>, <a href="https://speakerdeck.com/ange/kill-md5">slides</a></p>
<ul>
<li>Pass the Salt 2019 <a href="https://passthesalt.ubicast.tv/videos/kill-md5-demystifying-hash-collisions/">video</a></li>
<li>Hack.lu 2019 <a href="https://www.youtube.com/watch?v=JXazRQ0APpI">video</a></li>
</ul>
<p><strong>CollTris - Hash collisions exploitations</strong> workshop w/ <a href="https://twitter.com/realhashbreaker">Marc Stevens</a>, <a href="https://speakerdeck.com/ange/colltris">slides</a> / <a href="https://www.youtube.com/watch?v=BcwrMnGVyBI">video</a></p>
<ul>
<li>2019/07/02 150p, Pass The Salt</li>
<li>2019/07/24 199p, Google</li>
<li>2019/08/19 208p, Google</li>
<li>2019/10/23 222p, Hack.lu</li>
<li>2019/11/07 225p, Black Alps</li>
<li>2019/12/03 229p, Google</li>
</ul>
<p><strong>Collisions de hash</strong> NoLimitSecu #249, December 2019 <a href="https://www.nolimitsecu.fr/collisions-de-hash/">[podcast] (fr)</a></p>
<p><strong>Inside Out - Abusing archive file formats</strong> Generic and reusable hash collisions of Gzip and ZIP(XML) archives. Pass The Salt 2022 <a href="https://speakerdeck.com/ange/inside-out-abusing-archive-file-formats">slides</a> / <a href="https://www.youtube.com/watch?v=VPQHMNUxm8c">video</a></p>
<h3 id="timecryption">TimeCryption</h3>
<p><a href="slides/2104-Timecryption.pdf"><img width=100 src=slides/2104-Timecryption.png /></a> <a href="https://www.usenix.org/system/files/sec22_slides-albertini.pdf"><img width=100 src=slides/2208-Usenix22.png /></a></p>
<p><strong>TimeCryption - clean now, malicious later</strong>. Abusing one-time pads with binary polyglots. DEFCON CH 2021 w/ <a href="https://twitter.com/kste_">Stefan Kölbl</a>, <a href="https://speakerdeck.com/ange/timecryption">slides</a> / <a href="https://www.youtube.com/watch?v=liancIA1m9w">video</a></p>
<p><strong>How to Abuse and Fix Authenticated Encryption Without Key Commitment</strong>. USENIX Security 2022, presented by <a href="https://twitter.com/kste_">Stefan Kölbl</a>, <a href="https://www.usenix.org/system/files/sec22_slides-albertini.pdf">slides</a> / <a href="https://www.youtube.com/watch?v=VazqgsBwzOY">video</a></p>
<h2 id="digital-preservation">Digital preservation</h2>
<p><a href="slides/1507-PDFMythsVsFacts.pdf"><img width=100 src=slides/1507-PDFMythsVsFacts.png /></a> <a href="slides/1707-TheChallengesOfFileFormats.pdf"><img width=100 src=slides/1707-TheChallengesOfFileFormats.png /></a> <a href="slides/1905-ImprovingFileFormats.pdf"><img width=100 src=slides/1905-ImprovingFileFormats.png /></a> <a href="slides/2212-TechnicalChallengesWithFileFormats.pdf"><img width=100 src=slides/2212-TechnicalChallengesWithFileFormats.jpg /></a></p>
<p><strong>PDF: myths vs facts</strong> <a href="https://www.dpconline.org/events/past-events/preserving-documents-forever-when-is-a-pdf-not-a-pdf">"When is a PDF not a PDF?" DPC briefing</a>, Oxford university, July 2015 <a href="https://speakerdeck.com/ange/pdf-myths-vs-facts">slides</a></p>
<p><strong>the Challenges of file formats</strong> <a href="http://www.langzeitarchivierung.de/Subsites/nestor/DE/Veranstaltungen/TermineNestor/praktikertag2017.html">Nestor Praktikertag</a>, Kiel, July 2017 <a href="https://speakerdeck.com/ange/the-challenges-of-file-formats">slides</a></p>
<p><strong>Improving file formats</strong> -, May 2019 <a href="https://speakerdeck.com/ange/improving-file-formats-from-to">slides</a></p>
<p><strong>Technical challenges with file formats</strong> DPC CyberSec & DigiPres event, Dec 2022 <a href="https://speakerdeck.com/ange/technical-challenges-with-file-formats">slides</a></p>
<h2 id="visualisation--dissection">Visualisation & dissection</h2>
<p><a href="slides/1403-BinaryArtFunkyPoCsAndVisualDocs.pdf"><img width=100 src=slides/1403-BinaryArtFunkyPoCsAndVisualDocs.png /></a> <a href="slides/1903-NoMoreDumbHex.pdf"><img width=100 src=slides/1903-NoMoreDumbHex.png /></a></p>
<p><strong>Binary art - funky PoCs & visual docs</strong> Insomni'hack, Geneva, March 2014, <a href="slides/1403-BinaryArtFunkyPoCsAndVisualDocs.pdf#page=44">slides</a></p>
<p><strong>No more dumb hex! Rethinking binary tooling</strong> Troopers 2019, <a href="https://speakerdeck.com/ange/no-more-dumb-hex">slides</a> / <a href="https://www.youtube.com/watch?v=264OmDG8m7M">video</a> <br/>w/ <a href="https://twitter.com/HDevo">Rafał Hirsz</a></p>
<h1 id="academic-papers">Academic papers</h1>
<p><a href="https://eprint.iacr.org/2014/694">Malicious Hashing: Eve’s Variant of SHA-1</a>, Aug 2014<br/> Ange Albertini, <a href="https://twitter.com/veorq">Jean-Philippe Aumasson</a>, <a href="https://twitter.com/MariaEichlseder">Maria Eichlseder</a>, Florian Mendel, and Martin Schlaeffer<br/> <em>hash collisions</em></p>
<p><a href="https://www.usenix.org/conference/woot16/workshop-program/presentation/bratus">Fillory of PHY: Toward a Periodic Table of Signal Corruption Exploits and Polyglots in Digital Radio</a>, WOOT 2016<br/> <a href="https://twitter.com/sergeybratus">Sergey Bratus</a>, <a href="https://twitter.com/travisgoodspeed">Travis Goodspeed</a>, Ange Albertini, Debanjum S. Solanky<br/> <em>polyglots</em></p>
<p><a href="https://eprint.iacr.org/2017/190">The first collision for full SHA-1</a>, Feb 2017<br/> <a href="https://twitter.com/realhashbreaker">Marc Stevens</a>, Elie Bursztein, <a href="https://twitter.com/shab0y">Pierre Karpman</a>, Ange Albertini, Yarik Markov<br/> <em>hash collisions</em></p>
<p><a href="https://eprint.iacr.org/2020/1456">How to Abuse and Fix Authenticated Encryption Without Key Commitment</a>, Nov 2020 - <a href="slides/2112-AbuseAE.pdf">Dec 2021</a><!-- [Nov 2020](slides/2011-AbuseAE.pdf) / [Jun 2021](slides/2106-AbuseAE.pdf) / [Oct 2021](slides/2110-AbuseAE.pdf) --><br /> Ange Albertini, <a href="https://twitter.com/XorNinja">Thai Duong</a>, Shay Gueron, <a href="https://twitter.com/kste_">Stefan Kölbl</a>, Atul Luykx, <a href="https://twitter.com/SchmiegSophie">Sophie Schmieg</a><br/> <em>key commitment, timecryption</em></p>
<ul>
<li>Cryptography FM - Episode 10 [podcast]: <a href="https://www.cryptography.fm/10">Exploiting Authenticated Encryption</a>, Nov 2020, w/ <a href="https://twitter.com/kste_">Stefan Kölbl</a></li>
</ul>
<h1 id="articles">Articles</h1>
<img width=100 src=slides/1908-PagedOut1.png />
<img width=100 src=slides/2007-misc-hs-21.jpg />
<p>2019/08 <a href="https://pagedout.institute/download/PagedOut_001_beta1.pdf#page=16">Adding any external data to any PDF</a>, <a href="https://pagedout.institute/">Paged Out!</a> p17 (=> <a href="PagedOut/README.md">extended version</a>)</p>
<p>2020/07 Exploitations de collisions MD5, <a href="https://boutique.ed-diamond.com/les-hors-series/1518-misc-hs-21.html">Misc Hors série 21</a> p118<br/> <em>hash collisions</em></p>
<h2 id="notable-appearances">Notable appearances</h2>
<img width=100 src=slides/1311-Programista.jpg />
<p><a href="https://programistamag.pl/programista-112013-18-spis-tresci/">Programista 2013/11</a>, p102-103</p>
<h2 id="poc-or-gtfo">PoC or GTFO</h2>
<p>In <a href="https://github.com/angea/pocorgtfo/blob/master/README.md">Proof of Concept or Get the F*ck Out</a></p>
<p>2013/10</p>
<ul>
<li>01:04 <a href="https://archive.org/stream/Pocorgtfo01#page/n8/mode/1up">Making a Multi-Windows PE</a></li>
</ul>
<p>2013/12</p>
<ul>
<li>02:08 <a href="https://archive.org/stream/Pocorgtfo02#page/n20/mode/1up">This OS is also a PDF</a></li>
</ul>
<p>2014/03</p>
<ul>
<li>03:03 <a href="https://archive.org/stream/pocorgtfo03#page/n7/mode/1up">This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats</a></li>
<li>03:11 <a href="https://archive.org/stream/pocorgtfo03#page/n36/mode/1up">A Binary Magic Trick, Angecryption</a>, w/ <a href="https://twitter.com/veorq">Jean-Philippe Aumasson</a></li>
</ul>
<p>2014/06</p>
<ul>
<li>04:11 <a href="https://archive.org/stream/pocorgtfo04#page/n41/mode/1up">This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection</a></li>
<li>04:12 <a href="https://archive.org/stream/pocorgtfo04#page/n43/mode/1up">How to Manually Attach a File to a PDF</a></li>
</ul>
<p>2014/08</p>
<ul>
<li>05:12 <a href="https://archive.org/stream/pocorgtfo05#page/n47/mode/1up">A cryptographer and a binarista walk into a bar</a>, w/ <a href="https://twitter.com/MariaEichlseder">Maria Eichlseder</a> <em>hash collisions</em></li>
</ul>
<p>2014/11</p>
<ul>
<li>06:04 <a href="https://archive.org/stream/pocorgtfo06#page/n14/mode/1up">This TAR archive is a PDF! (as well as a ZIP, but you are probably used to it by now)</a></li>
</ul>
<p>2015/03</p>
<ul>
<li>07:06 <a href="https://archive.org/stream/pocorgtfo07#page/n17/mode/1up">Funky Files, the Novella!</a></li>
</ul>
<p>2016/01</p>
<ul>
<li>10:03 <a href="https://archive.org/stream/pocorgtfo10#page/n6/mode/1up">Exploiting Pokémon in a Super GameBoy</a> by <a href="https://twitter.com/@MrTASBot">dwangoAC</a>, Ilari, <a href="https://twitter.com/@p4plus2">p4plus2</a> <em>contribution</em></li>
<li>10:04 <a href="https://archive.org/stream/pocorgtfo10#page/n23/mode/1up">Pokéglot!</a> by <a href="https://twitter.com/@MrTASBot">dwangoAC</a>, Ilari, <a href="https://twitter.com/@p4plus2">p4plus2</a> <em>contribution</em></li>
<li>10:07 <a href="https://archive.org/stream/pocorgtfo10#page/n75/mode/1up">Apple II Copy Protections</a> by <a href="https://twitter.com/@a2_qkumba">Peter Ferrie</a> <em>contribution</em></li>
</ul>
<p>2016/03</p>
<ul>
<li>11:05 <a href="https://archive.org/stream/pocorgtfo11#page/n14/mode/1up">Defeating E7 Protection on the Apple II Platform</a> by <a href="https://twitter.com/@a2_qkumba">Peter Ferrie</a> <em>contribution</em></li>
<li>11:10 <a href="https://archive.org/stream/pocorgtfo11#page/n37/mode/1up">Ben "bushing" Byer Memorial</a> by <a href="https://twitter.com/fail0verflow">fail0verflow</a> <em>contribution</em></li>
</ul>
<p>2016/06</p>
<ul>
<li>12:04 <a href="https://archive.org/stream/pocorgtfo12#page/n13/mode/1up">Comma Chameleon</a> by <a href="https://twitter.com/@kkotowicz">Krzysztof Kotowicz</a>, <a href="https://twitter.com/@molnar_g">Gábor Molnár</a> <em>contribution</em></li>
</ul>
<p>2016/10</p>
<ul>
<li>13:02 <a href="https://archive.org/stream/pocorgtfo13#page/n4/mode/1up">Reverse Engineering Star Raiders</a> by Lorenz Wiest <em>contribution</em></li>
</ul>
<p>2017/03</p>
<ul>
<li>14:09 <a href="https://archive.org/stream/pocorgtfo14#page/n45/mode/1up">Postscript that shows its own MD5</a> by <a href="https://twitter.com/@teh_gerg">Gregor "Greg" Kopf</a> <em>contribution</em></li>
<li>14:10 <a href="https://archive.org/stream/pocorgtfo14#page/n49/mode/1up">A PDF That Shows Its Own MD5</a> by <a href="https://twitter.com/@makomk">Mako</a> <em>contribution</em></li>
<li>14:11 <a href="https://archive.org/stream/pocorgtfo14#page/n52/mode/1up">This GIF shows its own MD5!</a> by <a href="https://twitter.com/@__spq__">Kristoffer "spq" Janke</a> <em>contribution</em></li>
<li>14:12 <a href="https://archive.org/stream/pocorgtfo14#page/n55/mode/1up">This PDF is an NES ROM that prints its own MD5 hash!</a> by <a href="https://twitter.com/@ESultanik">Evan Sultanik</a>, <a href="https://twitter.com/@evan_teran">Evan Teran</a> <em>contribution</em></li>
</ul>
<p>2017/06</p>
<ul>
<li>15:02 <a href="https://archive.org/stream/pocorgtfo15#page/n4/mode/1up">Pier Solar and the Great Reverser</a> by <a href="https://twitter.com/@brandonlwilson">Brandon L. Wilson</a> <em>contribution</em></li>
<li>15:04 <a href="https://archive.org/stream/pocorgtfo15#page/n15/mode/1up">Text2COM Silver Jubilee Edition</a> by <a href="https://twitter.com/@therealsaumil">Saumil Shah</a>, Udayan Shah <em>contribution</em></li>
<li>15:06 <a href="https://archive.org/stream/pocorgtfo15#page/n24/mode/1up">Gumball</a> by <a href="https://twitter.com/@a2_4am">4am</a>, <a href="https://twitter.com/@a2_qkumba">Peter Ferrie</a> <em>contribution</em></li>
<li>15:12 <a href="https://archive.org/stream/pocorgtfo15#page/n88/mode/1up">Nail in the Java Key Store Coffin</a> by <a href="https://twitter.com/@floyd_ch">Tobias "Floyd" Ospelt</a> <em>contribution</em></li>
</ul>
<p>2018/06</p>
<ul>
<li>18:10 <a href="https://archive.org/stream/pocorgtfo18#page/n62/mode/1up">Easy SHA-1 Colliding PDFs with PDFLaTeX</a> <em>hash collisions</em></li>
</ul>
<p>2019/03</p>
<ul>
<li>19:05 <a href="https://archive.org/stream/pocorgtfo19#page/n20/mode/1up">An MD5 Pileup</a>, w/ <a href="https://twitter.com/realhashbreaker">Marc Stevens</a> <em>hash collisions</em></li>
</ul>
<!-- pandoc -s -f gfm -t html talks.md -o talks.htm -->
</body>
</html>