We have 4 open positions for internships:
- Malicious hardware and USB: the purpose is to study the USB protocol and use it on a device (e.g. FPGA) to compromise a target host (Windows, MacOS X, Linux, iOS, Android).
- Distributed brute force cryptanalysis: the candidate will have to develop a ...
What will we do at HITB Amsterdam?
(At least) 4 ways to die opening a PDF
There are several way to trigger events when a PDF is viewed: pushing a button, resizing the document, closing it, reaching a page, when mouse pass on a zone, when an annotation is displayed/hidden, ... but the most interesting from an offensive point of view is when the document is ...read more
Virus total with origami?
Streams and filters in PDF with origami
As we explained in the previous article, streams are a really important kind of object in PDF. Any data is represented as a stream. However, keeping raw data in a file can be inefficient (think about encoding or size issues for instance). So, this article shows how to create / manipulate ...read more
Playing with origami in PDF
Slides du séminaire disponibles
Juste pour signaler la mise à disposition des transparents du séminaire du 3 février dernier :
- Les hébergeurs bullet-proof - A. Gazet et G. Campana - [PDF]
- Analyse d'un botnet venu du froid - D. Aumaître, C. Devaux et J. Lenoir - [PDF]
- Contourner les produits de sécurité - JB. Bedrune et Y. Guillot - [PDF ...
Security assessment of TrueCrypt (english)
Let us summarize: the CSPN (Certification de Sécurité de Premier Niveau - First Level Security Certification) is a security assessment proposed by the DCSSI, the main organisation in France dealing with these matters in France. The purpose is to get a quick evaluation in a given time (20 days if there ...read more