 Hey, what's going on everybody? I just want to showcase a quick and small video to discuss a little bit of some that came out in a recent zero-geely newsletter An article that they had mentioned something extraneous was a unit code analyzer and stuff on zero-width spaces By a tweet on Swift on security And I thought this was super cool because I had seen it recently in the MITRE CTF that I had played recently They're the capture flag competition I don't want to just straight like rip her content here So I don't really mean to but I do want to parse through it with you So she explains that recently she had posted a tweet earlier fast.com noted and she had explained like yeah This this URL fast.com doesn't turn into a link like Twitter would normally have it do And that's because she did something clever with it So if I go to this original link here just to see this this tweet this fast.com Would normally as she explains that are on the second tweet be displayed With kind of a thumbnail and a description and just that just that sample of what the website is So if I actually showcase this to you within idle and I use that as like my default Python Explorer I'm just gonna put this in a string At least initially I'll just paste it in because you'll see that hey There is a space or some garbage that was just in this and that wasn't originally when we had read it At least on the browser and in Twitter if I put this in a string and I let Python try and interpret it You can see the word fast and the word calm But there are clearly some other bites in here that are being weird and are kind of hiding But it just looks like a space at least an idle. However, it's just Nothing or at least seemingly nothing while it's rendered on this web browser. So This is what she goes on to explain that this is a Unicode character for a zero-width space and she explains this Unicode analyzer online font space calm and you can explore it there if you really wanted to but it explains that This is a zero-width space. It's a Unicode character that doesn't have any width, but still is a space It takes up a it is it is a character She goes to explore it within the Windows utility and word just to show showcase the character map And you can find that Unicode key. I think it's two zero zero B or Bravo And you can use it later on and later on in fact if I pull idle back up And I just take this this space key here or if I copy and paste that block that is the zero key space I'll put this in the Google browser up here in the corner and I'll keep pacing I'm holding down control V right now. So I'll select all that and I'll go out on here back to idle and I can highlight all this This just looks like nonsense It looks like there's nothing really there, but it is just that Unicode character the zero-width space So I thought this was super cool because I wanted to showcase this kind of used for evil or used for something else Again, I don't want to I don't want to just kind of rip on on swift on securities content But she explains like hey this could maybe be used nefariously So I want to show you what happened when I was playing in the MITRE CTF MITRE CTF 210 So I'm gonna try and get to the content that we are at right now I'll speed this up a little bit so I can show you because right now on the left hand side I'm looking at the source code on the right I try to just whip out some Python code to be able to get the web page and see if I can view it a Little bit differently because you can see a bunch of zeros here On the left hand side that is the challenge prompt The challenge was titled challenge dot fine 55 just being that index the description and length greater They're equal to 374 so that was kind of a pointer at least to me or the player or the end user was that Yeah, there are 374 zeros here, but it's considered greater than that because There are other things in here There were zero with spaces that I while I was going through this process didn't even realize and even didn't even know So for a while I tried to go through some crazy things with Python requests like to try and download a raw form See if I can get like Unicode characters out of it when I didn't realize that I was already dealing with this stuff in My clipboard like I I had pasted it into idle earlier, and I had the exact same Kind of characters popping up there were like weird Unicode things and spaces in between all the zeros. I want to get to a point in the video where I show you this I'll try and skip around here. This is me trying to download it in the raw form. It just looks like garbage I don't I don't know where my head was at, but you know, that's how it is for a capture flag game Okay, so here. I am in idle just a moment back here I copy this I open it in idle and you can see just then right up in the above right up above there I paste them all in and it's all the zeros with spaces and what looks like pipes here or other random Unicode characters So this is weird, right? I'll slow this down and at that point. I notice. Wow. These are all these random bytes So what is I what I do is I put these into some blind text and I try and Make a distinction as to which are the real zeros and which are the characters that are either that Kind of pipe stick looking like thing or which are that fake zero with character space Let's speed through this because what I start to think is that this is actually a steganography problem Where one of those zero with spaces Must at least maybe the zero with spaces go away, but all of the things that look like pipes are Trying to refer to a one or a zero So maybe the character set that I'm looking at is a zero and a one and maybe it's trying to tell me something in binary. I Thought that would be the hidden message that I would be trying to decipher from this challenge This was in the cryptography section of the MITRE CTF game, but nonetheless, I Started to do it in Python and I just kind of bailed and put it back into ask you out hex So silly me. I realized I didn't get anything. So what I did was I switched the zeros and ones It was going to be the 50% chance whether I got it right Okay, are the ones in the right place or the zeros in the right place If not, I would flip them and the way that I do that is I replace one of the values with a temporary value Just a pipe in this case so I can replace all the ones back to zero and then I can replace all the pipes back to one And I do this quickly here. So now when I paste this in ask you to hex comm I get the flag MITRE CTF Academy MITRE cyber Academy and the flag is watch your clipboard and I thought that was fantastic. So You wouldn't have known that those are zero with characters had you not explored your clipboard Had I looked at them in a unicode analyzer like Swift was saying and in that tweet or at least pasted them an idol I thought it was weird that it had those those strange characters So a cool thing to note wanted to show it to you guys zero with characters they are totally a thing and Make sure to double check whatever is in your clipboard or there may be if you're suspicious about something maybe an idol or a Unicode analyzer so totally keep track of that if you end to have any notion of unicode characters Cool. Thanks for watching guys. I hope you enjoyed this video really simple stuff I really wanted to just kind of showcase it because it was someone similar in the news Seeing on zero daily was kind of neat and I wanted to bring out a show shout out to another individual's content and Still showcase some of my own, but thanks for watching guys. I'll see you in a later video