Internships 2015

Fri 24 October 2014 by cedric

This year, we have 4 open positions for internships:

  • Analysis of a virtualization platform
  • Binary instrumentation
  • Bootkit UEFI
  • Indicator Of Compromise (IOC) recovery tool

Internship 1: Analysis of a virtualization platform


The purpose of this internship is to study a virtualization system currently used in the cloud. The effective ...

read more

Exploiting a vulnerability in HTC One bootloader and bruteforcing the PIN/password

Wed 23 July 2014 by cedric


This article deals with the presence of the "read_mmc" command in the HTC One phone. Our target phone had Android 4.2.2 and HBOOT 1.54.0000. This vulnerability has been reported to HTC in February 2014 and has been fixed with the Kit Kat (4.4 ...

read more

Internships 2014

Fri 15 November 2013 by cedric

We have 4 open positions for internships:

  • Assessment of tools detecting APT
  • Binary instrumentation
  • Analysis of a virtualization platform
  • Electronic Control Units (ECU) analysis

Internship 1: Assessment of tools detecting APT


The first part of the internship consists of analyzing different solutions that detect advanced attacks. Then, based on ...

read more

Presence at 2013

Wed 02 October 2013 by cedric

As some people may have already noticed, we will be present at 2013!

There has been extensive research and attacks on iPhone bootloaders but the Android world is quite large with multiple hardware manufacturers, and therefore has not been fully explored yet. To fill the void, we have ...

read more

Forensics on Android phones and security measures

Fri 22 June 2012 by cedric

iPhone forensics has been well studied by lots of security people (and our team). Android is less looked at probably because there is less challenge for hackers (because of openness) and also because of the heterogeneity of devices. On mobile devices, forensics is possible as soon as you get code ...

read more

Some feedback from the HITB 2012 conference

Wed 20 June 2012 by cedric

Recently, HITB 2012 took place in Amsterdam (Okura Hotel) and some of us attended.

Impressed by the quality of the conference, we will try to summarize here all presentations that we attended.Also, Sogeti NL organized three challenges (Web application, WiFi and Social Engineering).

Windows RunTime

Sébastien RENAUD and Kévin ...

read more

HTC unlock internals

Tue 10 April 2012 by cedric

Since the end of 2011, HTC allows unlocking its Smartphones' bootloaders. Before that, HTC controlled every updates and packages that were installed on their devices. Users can now unlock their device manually in order to install any installation image (commonly called "ROM" in Android jargon) on their Smartphone. This article ...

read more

Some feedback from the 28C3 conference

Fri 13 January 2012 by cedric

Here is a summary of the talks I attended during CCC. The talks were given in 3 simultaneous tracks, so some choices had to be made. All in all, this is one of the best conferences I attended and I can only recommend it. The slides will be made available ...

read more

Retours sur le 28C3

Mon 09 January 2012 by cedric

Voilà un résumé des conférences auxquelles j'ai assisté. Les planches seront rendues disponibles au fur et à mesure. Les conférences sont réparties sur 3 salles en simultané, il a donc fallu faire des choix. Globalement, c'est une des meilleures conférences auxquelles j'ai pu assister, je ne peux ...

read more

Passcode bypass of the HTC Desire Z using an unexpected feature of the bootloader

Sun 22 May 2011 by cedric

Android devices are becoming increasingly present everywhere. iPhone security has been analyzed by researchers -- however this is more difficult for Android devices due to the diversity of vendors and devices: each model has its own characteristics and has a unique combination of hardware and software. What will be discussed here ...

read more