Fri 22 October 2010 by fred

We have 4 open positions for internships:

  • Malicious hardware and USB: the purpose is to study the USB protocol and use it on a device (e.g. FPGA) to compromise a target host (Windows, MacOS X, Linux, iOS, Android).
  • Distributed brute force cryptanalysis: the candidate will have to develop a ...

Website 2.0

Mon 06 September 2010 by fred

The Sogeti/ESEC R&D lab is glad to welcome you on this new website.

Here you can now find everything we did in the past, and what we will continue to do:


What will we do at HITB Amsterdam?

Tue 08 June 2010 by fred

Sogeti ESEC R&D will be very active at the HITB Amsterdam conference (June 29 - July 2, 2010), and will be giving a training, a lab session and a talk. If you want to meet us there, we can offer some discount coupons. Please get in touch with us for ...


(At least) 4 ways to die opening a PDF

Fri 26 June 2009 by fred

There are several ways to trigger events when a PDF is viewed: pushing a button, resizing the document, closing it, reaching a page, when the mouse passes over a zone, when an annotation is displayed/hidden, ... but the most interesting from an offensive point of view is when the document is ...


Virus total with origami?

Fri 19 June 2009 by fred

While writing the previous article, I decided to run a simple test: hide a well-known virus in a PDF file, and see what happens. Results are beyond expectation!

The test I made was really simple:

  • Take the EICAR test file
  • Take an innocent PDF file (it has been ...

Streams and filters in PDF with origami

Fri 19 June 2009 by fred

As we explained in the previous article, streams are a really important kind of object in PDF. Any data is represented as a stream. However, keeping raw data in a file can be inefficient (think about encoding or size issues for instance). So, this article shows how to create / manipulate ...


Playing with origami in PDF

Fri 19 June 2009 by fred

The PDF file format is now very common. It is regarded as secure because most people believe it is static. It is not. In order to prove it, we have developed a Ruby framework, origami, designed to play with PDF files.

Some code being usually more helpful than long writing, let ...


Seminar slides available

Thu 05 February 2009 by fred

Just a note that the slides from the seminar held on February 3rd are now available:

  • Bullet-proof hosting providers - A. Gazet and G. Campana - [PDF]
  • Analysis of a botnet that came in from the cold - D. Aumaître, C. Devaux and J. Lenoir - [PDF]
  • Bypassing security products - JB. Bedrune and Y. Guillot - [PDF ...

Security assessment of TrueCrypt (English)

Mon 08 December 2008 by fred

Let us summarize: the CSPN (Certification de Sécurité de Premier Niveau - First Level Security Certification) is a security assessment proposed by the DCSSI, the main organisation in France dealing with these matters. The purpose is to get a quick evaluation in a given time (20 days if there ...


CSPN TrueCrypt: evaluation report and software update

Fri 05 December 2008 by fred

In short, the CSPN is a security test formalized by the DCSSI. The aim is, within a fixed time (20 days if there is no crypto, 30 if there is), to give an opinion on the security of a product. In this context, we ...
