Ange
@angealbertini.bsky.social
Reverse engineer, file formats expert.
Corkami, CPS2Shock, PoC||GTFO, Sha1tered, Magika...
Security engineer @ Google. He/him.
Is there nowadays a better content extractor from PDF than the classic ‘pdftotext’ ?
Something (maybe ML-driven) that would handle tables, rows of text and formulas ?
Something (maybe ML-driven) that would handle tables, rows of text and formulas ?
November 10, 2025 at 2:20 PM
Is there nowadays a better content extractor from PDF than the classic ‘pdftotext’ ?
Something (maybe ML-driven) that would handle tables, rows of text and formulas ?
Something (maybe ML-driven) that would handle tables, rows of text and formulas ?
Magika 1.0 is released, available in Rust, TypeScript and Python, and supporting more than 200 file types.
Announcing Magika 1.0: now faster, smarter, and rebuilt in Rust
opensource.googleblog.com
November 7, 2025 at 9:57 AM
Magika 1.0 is released, available in Rust, TypeScript and Python, and supporting more than 200 file types.
If you’re into malware analysis, you should really give Malcat a try.
A great all-in-one tool with hex and structure views, disasm and decomp, integrated Yara, python scripting, similarities scanning...
Definitely worth trying!
A great all-in-one tool with hex and structure views, disasm and decomp, integrated Yara, python scripting, similarities scanning...
Definitely worth trying!
October 10, 2025 at 7:30 PM
If you’re into malware analysis, you should really give Malcat a try.
A great all-in-one tool with hex and structure views, disasm and decomp, integrated Yara, python scripting, similarities scanning...
Definitely worth trying!
A great all-in-one tool with hex and structure views, disasm and decomp, integrated Yara, python scripting, similarities scanning...
Definitely worth trying!
Is there a good source for non-malicious executables? categorized and with some variety, across platforms, languages...?
October 8, 2025 at 3:28 PM
Is there a good source for non-malicious executables? categorized and with some variety, across platforms, languages...?
Reposted by Ange
Brand new paper with Roxane Cohen, Robin David (both from @quarkslab.bsky.social ) and Florian Yger on obfuscation detection in binary code doi.org/10.1007/s411... We show that carefully selected features can be leveraged by graph neural networks to outperform classical solutions.
Identifying obfuscated code through graph-based semantic analysis of binary code - Applied Network Science
Protecting sensitive program content is a critical concern in various situations, ranging from legitimate use cases to unethical contexts. Obfuscation is one of the most used techniques to ensure such a protection. Consequently, attackers must first detect and characterize obfuscation before launching any attack against it. This paper investigates the problem of function-level obfuscation detection using graph-based approaches, comparing algorithms, from classical baselines to advanced techniques like Graph Neural Networks (GNN), on different feature choices. We consider various obfuscation types and obfuscators, resulting in two complex datasets. Our findings demonstrate that GNNs need meaningful features that capture aspects of function semantics to outperform baselines. Our approach shows satisfactory results, especially in a challenging 11-class classification task and in two practical binary analysis examples. It highlights how much obfuscation and optimization are intertwined in binary code and that a better comprehension of these two principles are fundamental in order to obtain better detection results.
doi.org
September 30, 2025 at 5:03 PM
Brand new paper with Roxane Cohen, Robin David (both from @quarkslab.bsky.social ) and Florian Yger on obfuscation detection in binary code doi.org/10.1007/s411... We show that carefully selected features can be leveraged by graph neural networks to outperform classical solutions.
Reposted by Ange
Apple Preview 11.0 (macOS 15.5) does crash while opening gist.github.com/nst/373748f2... as x.pdf (malformed ICC profile).
[com.apple.Preview] CoreGraphics assert(cs != NULL) failed in img_pixels_for_destination: colorspace missing
CoreGraphics/Images/CGSImage.c:4029: failed assertion `cs != NULL'
[com.apple.Preview] CoreGraphics assert(cs != NULL) failed in img_pixels_for_destination: colorspace missing
CoreGraphics/Images/CGSImage.c:4029: failed assertion `cs != NULL'
gist.github.com
July 7, 2025 at 8:26 PM
Apple Preview 11.0 (macOS 15.5) does crash while opening gist.github.com/nst/373748f2... as x.pdf (malformed ICC profile).
[com.apple.Preview] CoreGraphics assert(cs != NULL) failed in img_pixels_for_destination: colorspace missing
CoreGraphics/Images/CGSImage.c:4029: failed assertion `cs != NULL'
[com.apple.Preview] CoreGraphics assert(cs != NULL) failed in img_pixels_for_destination: colorspace missing
CoreGraphics/Images/CGSImage.c:4029: failed assertion `cs != NULL'
Reposted by Ange
lynn.github.io/flateview/
Impressive. Visualizer of zlib (gzip) - paste in a paragraph or two of text.
Reminds me of @angealbertini.bsky.social's binary file-format illustrations (google 'corkami').
Impressive. Visualizer of zlib (gzip) - paste in a paragraph or two of text.
Reminds me of @angealbertini.bsky.social's binary file-format illustrations (google 'corkami').
September 29, 2025 at 7:28 PM
lynn.github.io/flateview/
Impressive. Visualizer of zlib (gzip) - paste in a paragraph or two of text.
Reminds me of @angealbertini.bsky.social's binary file-format illustrations (google 'corkami').
Impressive. Visualizer of zlib (gzip) - paste in a paragraph or two of text.
Reminds me of @angealbertini.bsky.social's binary file-format illustrations (google 'corkami').
Reposted by Ange
I have been learning more about PDFs than I really wanted to for maybe the absolutely most funny reason possible - letting agency forgery: mjg59.dreamwidth.org/73317.html
September 24, 2025 at 10:25 PM
I have been learning more about PDFs than I really wanted to for maybe the absolutely most funny reason possible - letting agency forgery: mjg59.dreamwidth.org/73317.html
Reposted by Ange
September 19, 2025 at 10:19 PM
Grab your @phrack copy (beautiful 150 page color print) at @nullcon’s registration booth!
September 5, 2025 at 6:54 AM
Grab your @phrack copy (beautiful 150 page color print) at @nullcon’s registration booth!
Bash script injection in a JPEG file:
hackers-arise.com/the-one-man-...
hackers-arise.com/the-one-man-...
The One-Man APT, Part I: A Picture That Can Execute Code on the Target The One-Man APT, Part I: A Picture That Can Execute Code on the Target - Hackers Arise
Have you ever wondered if it’s possible to replicate the stealthy behavior of a modern cyber‑attack using artificial intelligence? As part of my research, I focused on the techniques used by a Linux-b...
hackers-arise.com
August 28, 2025 at 9:42 AM
Bash script injection in a JPEG file:
hackers-arise.com/the-one-man-...
hackers-arise.com/the-one-man-...
Reposted by Ange
Today I have a more serious topic than usual, please consider reposting for reach:
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
August 19, 2025 at 8:34 AM
Today I have a more serious topic than usual, please consider reposting for reach:
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]
Reposted by Ange
Just pushed a new frontend for my site, and a new post!
This one's about an tricky file write vulnerability on Windows in OBS. By crafting an image with very specific pixels, we can plant a backdoor on your PC all from an attacker's site by misconfiguring:
jorianwoltjer.com/blog/p/resea...
This one's about an tricky file write vulnerability on Windows in OBS. By crafting an image with very specific pixels, we can plant a backdoor on your PC all from an attacker's site by misconfiguring:
jorianwoltjer.com/blog/p/resea...
OBS WebSocket to RCE | Jorian Woltjer
Disabling password authentication of your OBS WebSocket server can have devastating consequences. We'll attack from the browser to construct an RCE payload on Windows formed from the pixels of an imag...
jorianwoltjer.com
June 5, 2025 at 6:49 PM
Just pushed a new frontend for my site, and a new post!
This one's about an tricky file write vulnerability on Windows in OBS. By crafting an image with very specific pixels, we can plant a backdoor on your PC all from an attacker's site by misconfiguring:
jorianwoltjer.com/blog/p/resea...
This one's about an tricky file write vulnerability on Windows in OBS. By crafting an image with very specific pixels, we can plant a backdoor on your PC all from an attacker's site by misconfiguring:
jorianwoltjer.com/blog/p/resea...
I had a minor printing problem with an article where the last few letters of the longest lines of text were missing.
It was a small mental puzzle every 5-10 lines to guess the missing letters.
An interesting exercise to stay focused throughout the article.
It was a small mental puzzle every 5-10 lines to guess the missing letters.
An interesting exercise to stay focused throughout the article.
June 1, 2025 at 4:07 PM
I had a minor printing problem with an article where the last few letters of the longest lines of text were missing.
It was a small mental puzzle every 5-10 lines to guess the missing letters.
An interesting exercise to stay focused throughout the article.
It was a small mental puzzle every 5-10 lines to guess the missing letters.
An interesting exercise to stay focused throughout the article.
Reposted by Ange
Fun and informative, as always, thank you!
April 25, 2025 at 6:28 AM
Fun and informative, as always, thank you!
QQ: what's your favorite PDF analysis tool [for malicious files or 'standard' ones]?
(besides peepdf / Stevens' PDF parser+id / VeraPDF)
(besides peepdf / Stevens' PDF parser+id / VeraPDF)
April 11, 2025 at 1:06 PM
QQ: what's your favorite PDF analysis tool [for malicious files or 'standard' ones]?
(besides peepdf / Stevens' PDF parser+id / VeraPDF)
(besides peepdf / Stevens' PDF parser+id / VeraPDF)
"Polyglot files are unnatural and never existed in the wild", they say.
Aperture cards are punched cards with a microfiche, indexing 'analogue' images with punched cards data on the same medium.
A standard polyglot document IRL defined in the 1960s.
Aperture cards are punched cards with a microfiche, indexing 'analogue' images with punched cards data on the same medium.
A standard polyglot document IRL defined in the 1960s.
April 2, 2025 at 7:43 AM
"Polyglot files are unnatural and never existed in the wild", they say.
Aperture cards are punched cards with a microfiche, indexing 'analogue' images with punched cards data on the same medium.
A standard polyglot document IRL defined in the 1960s.
Aperture cards are punched cards with a microfiche, indexing 'analogue' images with punched cards data on the same medium.
A standard polyglot document IRL defined in the 1960s.
You’re making a PDF about weird file formats and PDF… and the PDF doesn’t let you write “file”… very meta.
April 1, 2025 at 4:30 PM
You’re making a PDF about weird file formats and PDF… and the PDF doesn’t let you write “file”… very meta.
The craziest file I made & visualized recently was combining the Doom PDF with a DOS & Windows (EXE & PE) polyglot.
It runs Doom on OS from 1993 until today, and Chrome-based PDF viewers!
You can make it an HTML/JS polyglot too to run on most browsers! (3/3)
It runs Doom on OS from 1993 until today, and Chrome-based PDF viewers!
You can make it an HTML/JS polyglot too to run on most browsers! (3/3)
April 1, 2025 at 6:34 AM
The craziest file I made & visualized recently was combining the Doom PDF with a DOS & Windows (EXE & PE) polyglot.
It runs Doom on OS from 1993 until today, and Chrome-based PDF viewers!
You can make it an HTML/JS polyglot too to run on most browsers! (3/3)
It runs Doom on OS from 1993 until today, and Chrome-based PDF viewers!
You can make it an HTML/JS polyglot too to run on most browsers! (3/3)
In PagedOut 6, I showed many PDF tricks by dissecting a crazy yet fully working handmade “Hello World” PDF file.
March 29, 2025 at 6:48 PM
In PagedOut 6, I showed many PDF tricks by dissecting a crazy yet fully working handmade “Hello World” PDF file.
I made in PagedOut 6 an illustration on the basics of the PDF format.
March 29, 2025 at 6:24 PM
I made in PagedOut 6 an illustration on the basics of the PDF format.
Reposted by Ange
Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....
You can download it here:
pagedout.institute?page=issues....
March 29, 2025 at 12:17 PM
Paged Out! #6 has arrived! And it's jam-packed with content!
You can download it here:
pagedout.institute?page=issues....
You can download it here:
pagedout.institute?page=issues....
Interesting infection chain using polyglots: www.proofpoint.com/us/blog/thre...
Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware | Proofpoint US
Key findings Proofpoint researchers identified a highly targeted email-based campaign targeting fewer than five Proofpoint customers in the United Arab Emirates with a distinct
www.proofpoint.com
March 6, 2025 at 7:59 AM
Interesting infection chain using polyglots: www.proofpoint.com/us/blog/thre...
Reposted by Ange
I shrank Takashi Hayakawa's tiny ray tracer by 33 bytes seriot.ch/projects/pos...
March 4, 2025 at 6:28 PM
I shrank Takashi Hayakawa's tiny ray tracer by 33 bytes seriot.ch/projects/pos...
Any requests or questions on PDF manipulations ? (Or another format)
February 22, 2025 at 10:20 PM
Any requests or questions on PDF manipulations ? (Or another format)