Hunting for MS Word 0-Day (CVE-2023-21716) and New Emotet Campaign | Threat SnapShot

  • Published on 2 Jan 2025

Comments •

  • @comrade_pasta 1 year ago +1

    Thanks for uploading this! Great explanation of this vulnerability. Subbed and looking forward to the next video.

  • @th3gl1tch81 1 year ago +1

    Good thing you can configure email spam filters to block files that large. The problem is, depending on how much compression you can get on that file, you can zip the file and bypass the email spam filter file size limit. Then once the user gets the file and unzips it, the file will exceed the size limit of what the AV can scan. Basically bypassing both email and AV file limits. It's pretty common to just pack the file with a bunch of 0's then zip it, which makes the file small enough to bypass the email size limit, but unpacked it's too large to be scanned. You can also sprinkle in other techniques like encrypting the zip and adding a password to make sure the spam filter can't scan the data.

    • @apIthletIcc 1 year ago +1

      The scanners are broken beyond that size check. Files get stitched together from seemingly random base64 in some new malware I've seen hitting my spam collector folder. 😂 Scanners and compilers are the new things being hidden/replaced/mutated etc., idk why nobody is noticing. But I do get an insane amount of spam.

  • @apIthletIcc 1 year ago +1

    I'm in need of an eml file reader/editor that isn't buggy right now. If anyone knows of one. Friend of mine has a stalker and I can't help them block the person's access as it was crafted eml files that when read get added to a compile pipeline on the devices in question. I need a native eml reader with a strong sandbox but one I can redact sensitive user's info in before sharing them, for their privacy.
    This is a pretty big problem and the hackers will likely see this, I currently can't even use my PCs (all busted by the hacks) for analysis, and discontinuing use of this account tomorrow because it may be compromised. But will be back to check on this comment.💤