cR0w
@cR0w@infosec.exchange

I kind of love the timelessness of SVGs as an attack vector because it's such an unnecessary attack surface.

https://www.seqrite.com/blog/unmasking-the-svg-threat-how-hackers-use-vector-graphics-for-phishing-attacks/


hrbrmstr 🇺🇦 🇬🇱 🇨🇦
@hrbrmstr@mastodon.social

@cR0w@infosec.exchange What, you mean that it's a bad idea to require a JavaScript execution engine to be present to support embedding JS in any file type? WCPGW?

In other news, I should have known this before, but recently discovered you can use WASM in SVGs, too.

https://rud.is/ex/wasm.svg

Milly
@aanee@mastodon.online

@cR0w@infosec.exchange Attack Vector Graphics... there is a joke in there somewhere.

darf :BlobhajMlem:
@darfplatypus@infosec.exchange

@cR0w@infosec.exchange yo dawg, I heard you liked JS so I put some in your picture format.

cR0w
@cR0w@infosec.exchange

@darfplatypus@infosec.exchange ponders more DNS-based image shenanigans