Mon 02 July 2012 by jj

For the third year we had the chance to participate in REcon 2012.

Here is a summary of the most intelligible talks.

The case for semantics-based methods in reverse engineering

Rolf Rolles opened the conference with his favourite subject, the semantic analysis of code.

A lengthy introduction reminded us that semantic ...

CTF 2011 Write-up: Scotty's last signal

Tue 27 September 2011 by jj

Another write-up for the excellent 2011 Capture The Flag contest. This one was very unusual, based on a patched NES ROM of Super Mario Bros 1.

Scotty's last signal

You might have heard about Montgomery Scott, the legendary chief
engineer of the U.S.S. Enterprise. What ...

Linux syscall ABI

Tue 05 July 2011 by jj

A quick post to summarize the Linux kernel syscall ABI on the i386 architecture.

It is hard to come by a short summary of how to make direct syscalls under the Linux kernel. This is not intended to be exhaustive or authoritative, but at least now I'll have something to ...


Sniffing USB traffic with VMWare

Wed 06 April 2011 by jj

VMWare offers the possibility to dump any USB traffic at the lowest level to a dump file. We'll describe here how to activate this feature, and additionally publish a script to convert the dump file to the PCAP format, suitable for use with Wireshark.

Enable USB logging

VMWare can ...


Splitting a Mercurial repository: HgSplit

Wed 09 February 2011 by jj

Here at the R&D lab we use Mercurial for version control of our code.

One of the problems we faced was that sometimes we would commit big files like PDFs or raw data into a repository. This is fine, as long as the repository remains for internal eyes only. Then at ...


Training at CanSecWest 2011: Advanced binary deobfuscation

Thu 03 February 2011 by jj

Yoann 'jj' Guillot will also be giving a course on advanced binary deobfuscation during the next CanSecWest Dojo session in Vancouver (March 7th/8th).

The course will teach you how to overcome state-of-the-art binary obfuscation.

You will see, and learn to defeat:

  • traditional junk,
  • arithmetic code hiding,
  • code flattening,
  • and ...

Metasm recipes: working with a process image

Tue 18 January 2011 by jj

Today we'll discuss how metasm can be used to work with a process memory dump, and also how to search for gadgets suitable for a short ROP sequence.

While working on a vulnerability in a Windows server, we had the following premises:

  • Non-executable heap
  • Randomised address space (except for ...

Automatic exploitation with Metasm

Sat 19 June 2010 by jj

Ivan wrote a post about a script he wrote using metasm to automatically find most of the parameters needed to exploit a simple stack-based buffer overflow.

I want to shed some light on other ways to achieve the same result, and take this opportunity to bring his work to our English-speaking ...


Hack in the Box - Amsterdam 2010

Tue 25 May 2010 by jj

Sogeti is a Platinum sponsor of the HITB Amsterdam conference.

We will hold the Metasm dojo there, and give a presentation on a physical attack targeting 64-bit Windows 7.

Feel free to drop by and say hello!

Sogeti is a Platinum sponsor of the HITB Amsterdam ITsec conference.

We'll ...


CanSecWest 2010

Wed 31 March 2010 by jj

We had the chance to attend the CanSecWest 2010 IT security conference, which took place, as every year, in Vancouver, Canada.

This is a summary of the talks we were able to attend.

Internet Nails

The first day started with a great rant by Marcus Ranum on how most of ...
