Hacker News
by exikyut 1908 days ago
Couple of points from the video:

1. The regular expression simplifier (https://youtu.be/nlt4XKhucS4?t=1102) stood out as particularly interesting - I get the impression it was partly "mostly simple", and partly battle-tested/nontrivial/hand-tuned. Speaking not-entirely-rhetorically, this would probably be a very interesting tidbit to study.

2. You mentioned at https://youtu.be/nlt4XKhucS4?t=2272 in response to a question that you apparently pass PNGs and other binary content "straight through" (in the context of file upload), i.e. bypassing the WAF. Given things like...

- webpage in JPEG (http://lcamtuf.coredump.cx/squirrel/, https://news.ycombinator.com/item?id=12262470, https://news.ycombinator.com/item?id=4209052),

- JavaScript in EXIF (https://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-ex...)

- PHP in EXIF (https://web.archive.org/web/20130708132109/https://websec.io...)

- HTML+JavaScript+1021 byte demo inside PNG: https://news.ycombinator.com/item?id=24824299, http://www.p01.org/MONOSPACE/ (general NB: "Packed version" link under "Additional links" actually loads the demo for me in Chrome, but clicking through from HN and loading the URL directly doesn't - some sort of bizarre CORS-related thing?)

...I presume the status quo has changed somewhat here. Hearing how/what's going on in this space would be very interesting.