Date Fri 27 June 2014
Author Serge Guelton
Category Programming

Why does some memset calls get optimized away by the compiler? Let's investigate!

Date Wed 11 June 2014
Author Jordan Bouyat
Category Fuzzing

We recently begun to search bugs in USB host stacks using one of our tool based on the Facedancer. This article first presents our fuzzing approach followed by a practical example of a bug in Windows 8.1 x64 full-updated. The goal of this article is not to redefine state-of-the-art USB fuzzing, nor to give a full description of our fuzzing architecture, but rather to narrate a scenario which starts from fuzzing and ends up with a bug report.

Date Fri 16 May 2014
Author Serge Guelton
Category Programming

Where building a custom obfuscated Python interpreter for a Python packer turned into an optimized Python interpreter.

Date Mon 12 May 2014
Author Adrien Guinet
Category Programming

Back in the days when I was playing with SSE instructions, I was trying to optimize every workload that I could think of. One of these was to convert thousands of IPv4 strings to 32-bit numbers for further processing. This article shows one way to optimize such a thing, and how the SSE instructions set can be used to get the better of your $1000 Intel CPU :)

Date Tue 01 April 2014
Authors Sébastien Renaud, Kevin Szkudlapski
Category Reverse-Engineering

Modern OSes have a feature that mitigates the exploitation of stack based buffer overflows. It basically works by writing a "cookie" value before the return address in the stack in the prologue of a function and checking it before the function returns (for further information, see [1] and [2]). This article talks about how this mitigation has been enforced in Windows 8.

Date Wed 22 January 2014
Author Adrien Guinet
Category Exploitation

Eloi Vanderbéken recently found a backdoor on some common routers, which is described on his GitHub here. Basically, a process that listens on the 32764 TCP port runs, sometimes accessible from the WAN interface. We scanned the v4 Internet to look for the routers that have this backdoor wild open, and gathered some statistics about them. We will also present a way to permanently remove this backdoor on Linksys WAG200G routers.

Date Tue 21 January 2014
Author David Carle
Category Programming

Angular is a client side framework aimed at creating rich web applications. It adds logic declaration to the normally static HTML in order to provide a dynamic user experience. Built at Google, it is a perfect tool for building one page applications, and is made to be really accessible for the standard web developper. But some of the magic going on underneath can be tricky, doing things outside the box can be much more difficult. This article has no tutorial or introduction vocation, it just tries to shed some light on some unexpected behaviours of angular.

Date Thu 19 December 2013
Author Sébastien Kaczmarek
Category Cryptography

IBM Lotus Domino is an email client rather common in companies like Microsoft Outlook. This article proposes to observe a small part of the application engine, namely one method used to store the user's password. In a second step, we will conduct a brief analysis of all used algorithms then we will see how to implement a plugin for John The Ripper to bruteforce discovered digests.

Date Wed 20 November 2013
Author Kevin Szkudlapski
Category Programming

Writing a disassembler is a tedious task. You have to decode the opcode, interpret the meaning of the operands and, finally, print the instruction correctly. Fortunately, you can count on IDA to provide modules with mapping executable, a colorful GUI, control flow graphs and so on. In this article, I'll share my feedbacks on developing an IDP module for IDA.

Date Thu 17 October 2013
Authors Cyril Cattiaux, gg
Category Cryptography

iMessage is probably one of the most trendy instant messaging systems. Apple presents it as very secure, with high cryptographic standards, including end-to-end encryption preventing even Apple from reading the messages. Is this true?