Bypassing ASLR and DEP on Adobe Reader X

Fri 22 June 2012 by guillaume

Due to their complexity and their large deployment on users' machines, Adobe products (especially Flash and Reader) have often received a lot of attention from attackers. Being aware of this fact, Adobe has taken one step forward in security with the latest version of their PDF reader, Adobe Reader X ...

read more

CTF 2011 Write-up : Romulan Business Network

Thu 22 September 2011 by guillaume

Once again, we participated in the Capture-The-Flag event organized by the FluxFingers team at Just like last year's CTF, the challenges were fun and original, and we finished up first after 48 hours of rude competition. The challenge here consisted in a little PDF crackme to solve ...

read more

The undocumented password validation algorithm of Adobe Reader X

Wed 14 September 2011 by guillaume

Someone recently sent me an email about troubles when opening in Origami encrypted PDF documents produced by Acrobat Pro X. At first I thought it was a bug, but while looking in the data of the document I noticed two unusual things: the specified PDF version was Extension Level 8 ...

read more

Origami 1.0 released!

Tue 24 May 2011 by guillaume

I am pleased to announce the first stable release of Origami, the PDF manipulation framework! A lot of new cool features have been added since the last beta and I consider the framework has become stable enough now. This release introduces the support for AES256 encryption/decryption, partial support for ...

read more

Training at CanSecWest 2011 : Analysis of malicious documents

Mon 31 January 2011 by guillaume

Jean-Baptiste and Guillaume will give a course about malicious document analysis during the next CanSecWest Dojo session at Vancouver (March 7th/8th).

The course deals with two major cases: PDF and Microsoft Office documents. Nowadays those two file formats have become a common vector to exploit end-user systems. Their respective ...

read more

Presentation at Reversing the Broadcom NetExtreme's firmware

Sun 21 November 2010 by guillaume

I was giving a talk in October during last session. The presentation focuses on the roadmap taken to reverse engineer the Broadcom Ethernet NetExtreme firmware family: building a firmware debugger, instrumentation tools, to finally develop a customized network card firmware.

NetExtreme family cards are the standard range of ...

read more

An approach to PDF shielding

Wed 01 September 2010 by guillaume

In a previous article we showed how one could delve into a document's internals to look for suspicious elements (like JavaScript scripts registered to run at the document opening). This method can give a good heuristic about whether a document is malicious or not.

However while many antivirus vendors ...

read more

Report on the 3rd Forum International sur la Cybercriminalité

Sat 28 March 2009 by Guillaume

The Gendarmerie Nationale organized the 3rd Forum International sur la Cybercriminalité (International Forum on Cybercrime) in Lille on 24 March 2009. The event brought together nearly 1500 participants and was the occasion for Michèle Alliot-Marie, Minister of the Interior, Overseas Territories and Territorial Collectivities, to announce new means for ...

read more

Report on the ESEC seminar on Offensive Cyber Operations

Sat 07 February 2009 by Guillaume

ESEC's Research and Development laboratory organized a seminar on Offensive Cyber Operations (Lutte Informatique Offensive) on 3 February 2009. After an introduction by David Bizeul on security and cybercrime incidents in the banking world, the ESEC speakers covered mass attacks ...

read more

Report on the IHEDN round table of 11 December 2008

Fri 19 December 2008 by Guillaume

The Institut des Hautes Études de la Défense Nationale organized a round table at the École Militaire in Paris entitled "Information warfare and computer network operations: current state and stakes". Led by various civilian and military speakers, it made it possible to address these notions from technical aspects ...

read more