Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again..
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker - Patch Management
https://www.criticalthinkingpodcast.io/TL-patch-management
Today’s Guest: Mathias Karlsson - https://x.com/avlidienbrunn
====== This Week in Bug Bounty ======
Swiss Post's 2025 Public Intrusion Test starts on July 28, with up to €230K in rewards, early report bonuses, and new write-in fields in scope - pending client confirmation before communication from your side:
https://yeswehack.com/programs/swiss-post-evoting
Intigriti teams with NVIDIA to launch bug bounty and vulnerability disclosure program (VDP)
https://www.intigriti.com/blog/business-insights/intigriti-teams-with-nvidia-to-launch-bug-bounty-vulnerability-disclosure-program
Announcing the Bugcrowd Ingenuity Awards:
https://live-bug-crowd.pantheonsite.io/blog/announcing-the-bugcrowd-ingenuity-awards-celebrating-excellence-among-hackers-and-industry-leaders/
Hack the Hacker Series - AI Vulnerabilities and Bug Bounties
https://www.youtube.com/watch?v=syXVGe8zPSY
A Novel Technique for SQL Injection in PDO’s Prepared Statements
https://slcyber.io/assetnote-security-research-center/a-novel-technique-for-sql-injection-in-pdos-prepared-statements/
How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance
https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
====== Resources ======
Archive Alchemist
https://github.com/avlidienbrunn/archivealchemist
Hacking Livestream #53: The ZIP file format
https://www.youtube.com/watch?v=X7j2sisMKzk
====== Timestamps ======
(00:00:00) Introduction
(00:10:04) Archive Alchemist
(00:36:05) Unicode Extensions, normalization, and confusion attacks on Zip parsers
(00:48:44) Character Sets
(01:01:49) 7zip & File Names
(01:06:44) Path Traversal, Symlinks & Identifying Techniques
(01:36:05) Hardlinks and TAR
