On November 2006, NIST (National Institute of Standards and Technology) announced a public competition for developing a new cryptographic hash algorithm which would become SHA-3. The submission dead-line was October 2008. NIST received 64 submissions and announced 51 valid candidates for the first round in December 2008 and 14 (including French candidates ECHO and Shabal) for the second round in July 2009. On December 2010, they announced the 5 final round candidates which were BLAKE, Grostl, JH, KECCAK and Skein. Finally, this month (October 2, 2012), NIST announced that the winner of the SHA-3 Cryptographic Hash Algorithm Competition is KECCAK.
Blog of the SOGETI / ESEC R&D Lab
chrysanthi » Wednesday 24 October 2012, 10:59 - News
chrysanthi » Thursday 18 October 2012, 14:57 - General
We have 3 open positions for internships:
- Mobile phone bootloader analysis: this internship aims to evaluate the security of existing bootloaders used in smartphones by developing a bootloader debugger and a USB fuzzer.
- Bootkit Windows 7: this internship aims to study existing bootkits on Windows 7 but also to develop an infection tool.
- NFC Android applications: this internship aims to study how NFC application on smartphones can make known attacks (card clone, relay attack, etc.) easier.
sebastien » Thursday 18 October 2012, 11:53 - Conferences
Just a quick post to let you know that, as some people may already have noticed, we will be present at hack.lu 2012!
In this talk, we will talk about GSM Protocol Stack and techniques we usually use to find vulnerabilities on new smartphones. You will also see the framework we have made to automate our fuzzing tests.
See you there!
jj » Monday 2 July 2012, 16:59 - Conferences
For the third year we had the chance to participate to REcon 2012.
Here is a summary of the most intelligible talks.
jean » Thursday 28 June 2012, 14:03 - Forensics
iOS filesystem encryption and data protection mechanisms are now well documented and supported by many forensics tools. iOS devices use NAND flash memory as their main storage area, but physical imaging usually refers to a "dd image" of the logical partitions. The iOS Flash Translation Layer for current devices is software-based (implemented in iBoot and the kernel), which means that the CPU has direct access to raw NAND memory. In this post we will describe how to acquire a NAND image and use FTL metadata to recover deleted files on A4 devices. The information presented here is based on the great reverse engineering work done by the iDroid/openiBoot team.
cedric » Monday 25 June 2012, 13:15 - Forensics
iPhone forensics has been well studied by lots of security people (and our team). Android is less looked at probably because there is less challenge for hackers (because of openness) and also because of the heterogeneity of devices. On mobile devices, forensics is possible as soon as you get code execution on them. If there is a defined passcode, a forensics guy/attacker would need to get code execution before the operating system starts in order to bypass this passcode. Usually, this code execution can be thought as a vulnerability in the bootloader.
This post deals with analyzing the forensics methods available on Android phones before Ice Cream Sandwich (4.x). So it will work on any device running Android 2.x and below.
guillaume » Friday 22 June 2012, 15:17 - Exploits
Due to their complexity and their large deployment on users' machines, Adobe products (especially Flash and Reader) have often received a lot of attention from attackers. Being aware of this fact, Adobe has taken one step forward in security with the latest version of their PDF reader, Adobe Reader X.
Adobe Reader X currently makes use of three different techniques to back off attackers on Windows :
- DEP (permanently enabled)
- Application sandboxing, with a derivative of the Chrome's sandbox implementation
We will see here how a bug in the Chrome sandbox can lead to the full bypass of ASLR and DEP in the renderer process with a good reliability (although not breaking the sandbox protection itself). The target will be an up-to-date Adobe Reader 10.1.3 on Windows 7 x64.
cedric » Thursday 21 June 2012, 10:43 - Conferences
Recently, HITB 2012 took place in Amsterdam (Okura Hotel) and some of us attended.
Impressed by the quality of the conference, we will try to summarize here all presentations that we attended. Also, Sogeti NL organized three challenges (Web application, WiFi and Social Engineering).
« previous entries - page 1 of 15