Tag: 2016

18 articles
Date Wed 29 June 2016
Author Lucas Barthelemy
Category Cryptography

When appointing computation of private data to a third party, privacy is an issue. How can one delegate computation without giving up one's secrets? This gets trickier when multiple parties are involved. Several works on Multi-Party Computation (MPC) addressed this issue, but a new approach has started to emerge: Fully Homomorphic Encryption (FHE).

Date Wed 25 May 2016
Author Jérémie Boutoille
Category Exploitation

This blog post describes the exploitation of Xen Security Advisory 105 (XSA-105) [1] (CVE-2014-7155). This post explains the environment setup and shows the development of a fully working exploit on Linux 4.4.5.

Date Wed 20 April 2016
Authors Jean-Baptiste Bédrune, Marion Videau
Category Reverse-Engineering

An optimization for the finite field multiplication on 128-bit elements for AES-GCM exists whose explanation was not published, preventing any further application with different parameters. We reverse engineered the result to 1) get the explanation and 2) be able to apply it with other parameters.

Date Mon 28 March 2016
Author Serge Guelton
Category Programming

HOW-TO: Implementing a custom directive processor in clang to drive the compilation process of our LLVM-base code obfuscator, while maintaining backward-compatibility if another compiler is used. What a good opportunity for a journey in the first compiler stages!

Date Wed 09 March 2016
Authors Fred Raynal, Serge Guelton
Category Programming

Open sourcing binmap, a tool to scan filesystem and gather intel on which binaries are there, what are their dependencies, which symbols they are using and more. This yields a global view of a system, providing the basic block for building other tools!

Date Fri 04 March 2016
Authors Damien Aumaitre, Alexandre Gazet
Category Reverse-Engineering

Since Windows XP SP2, the Windows firewall is deployed and enabled by default in every Microsoft Windows operating system. Starting with Windows Vista the firewall relies on a set of API and services called the Windows Filtering Platform (WFP). Although used by almost every Windows OS, WFP is still one of the relatively unknown beast that lies in the kernel. In this post we will see how the firewall manages its persistent state.

Date Fri 05 February 2016
Author Alexandre Quint
Category Software

This post deals with the new features in IRMA 1.3.0 released earlier this month, from both a user and a contributor point of view.

Date Thu 07 January 2016
Authors Serge Guelton, Adrien Guinet
Category Programming

While improving the documentation (d'oh!) of our home grew obfuscator based on LLVM, we wrote a cheat sheet on clang's hardening features, and some of ld ones. It turns out existing hardening guides generally focus on GCC, while Clang also has an interesting set of hardening features. So let's share it in this blog post!