A polyglot is a file that can be interpreted as multiple different filetypes depending on how it is parsed. While polyglots serve the noble purpose of being a nifty parlor trick, they also have much more nefarious uses, e.g., hiding malicious printer firmware inside a document that subverts a printer when printed, or a document that displays completely different content depending on which viewer opens it. This talk does a deep dive into the technical details of how to create such special files, using examples from some of the recent issues of the International Journal of PoC||GTFO. Learn how we made a PDF that is also a valid NES ROM that, when emulated, displays the MD5 sum of the PDF. Learn how we created a PDF that is also a valid PostScript document that, when printed to a PostScript printer, produces a completely different document. Oh, and the PostScript also prints your /etc/passwd file, for good measure. Learn how to create a PDF that is also a valid Git repository containing its own LaTeX source code and a copy of itself. And many more!

Evan Sultanik is a computer security researcher with a diverse background in automated static analysis, taint analysis, distributed artificial intelligence, and combinatorial optimization. He is a frequent contributor to and editor of the International Journal of PoC||GTFO, and also helped typeset and edit the recently published book/bible of the same name. Prior to joining Trail of Bits, he was the Chief Scientist of Digital Operatives and, prior to that, a Senior Research Scientist at The Johns Hopkins University APL. He earned a Ph.D. in Computer Science from Drexel University, and also holds three other degrees in Computer Science and Mathematics. In a life prior to all of that, Evan was a code monkey working on document databases and OCR. Except for when he writes in a biographical format, Evan does not often refer to himself in the third person.

Recorded at BSides Philly 2017