SSTIC 2009 Challenge vs Metasm

Fri 03 July 2009 by alex

A few weeks ago, preceding the 2009 SSTIC conference, the wonderful Stéphane Duverger proposed the SSTIC 2009 Challenge. It has been one of the most interesting reverse challenges I've seen these last months and I will take advantage of it to describe a few use cases of Metasm.

I strongly encourage ...


(At least) 4 ways to die opening a PDF

Fri 26 June 2009 by fred

There are several ways to trigger events when a PDF is viewed: pushing a button, resizing the document, closing it, reaching a page, when the mouse passes over a zone, when an annotation is displayed/hidden, ... but the most interesting from an offensive point of view is when the document is ...


Virus total with origami?

Fri 19 June 2009 by fred

While writing the previous article, I decided to run a simple test: hide a well-known virus in a PDF file, and let's see what happens. Results are beyond expectation!

The test I made was really simple:

  • Take the EICAR test file
  • Take an innocent PDF file (it has been ...

Streams and filters in PDF with origami

Fri 19 June 2009 by fred

As we explained in the previous article, streams are a really important kind of object in PDF. Any data is represented as a stream. However, keeping raw data in a file can be inefficient (think about encoding or size issues for instance). So, this article shows how to create / manipulate ...


Playing with origami in PDF

Fri 19 June 2009 by fred

The PDF file format is now very common. It is regarded as secure because most people believe it is static. It is not. In order to prove it, we have developed a Ruby framework, origami, designed to play with PDF files.

Some code being usually more helpful than long writing, let ...


SSTIC 2009: Day 3

Mon 08 June 2009 by christophe


Summary of the talks from the 3rd day of SSTIC 2009.

"<SCRIPT>ALERT('XSS');</SCRIPT> -- XSS: FROM BREEZE TO HURRICANE

Pierre GARDENAT (Académie de Rennes)

Pierre GARDENAT starts by quickly reminding us of the uses of XSS flaws (JavaScript, redirections, taking control of the browser...), well known in the world ...


SSTIC 2009: Day 2

Mon 08 June 2009 by christophe


Summary of the talks from the 2nd day of SSTIC 2009.

FUZZING: THE PAST, THE PRESENT AND THE FUTURE

Ari TAKANEN


FUZZGRIND: AN AUTOMATIC FUZZING TOOL

Gabriel CAMPANA (Sogeti ESEC)


SECURITY OF FIXED-MOBILE CONVERGENCE ARCHITECTURES

Laurent BUTTI (Orange Labs)


SMARTPHONE SECURITY

Romain RABOIN (Atlab)

Romain Raboin presents his ...


SSTIC 2009: Day 1

Mon 08 June 2009 by christophe


Summary of the talks from the 1st day of SSTIC 2009.

EVALUATING MALICIOUS CODE INJECTION IN A JAVA CARD

Jean-Louis LANET, Julien IGUCHI-CARTIGNY

The first talk of SSTIC is an invited talk on Java Cards. While the Java Card 3.0 specification proposes to integrate a ...


EICAR Conference 2009, feedback from Berlin

Wed 20 May 2009 by alex

Last week Julien and I were in Berlin to attend the 18th EICAR conference.

Julien gave a talk on the analysis of a botnet. Based on a technical analysis of the infector and the pieces it drops, he, Damien and Christophe were able to get a discerning picture of ...


Metasm classes (2)

Fri 08 May 2009 by jj

This article will explore a bit of the framework internals to show how decoding executable files and instructions is handled.

Last week we saw a high-level overview of disassembly using metasm.

This article will dive into the code to see how things are done under the hood.

Executable file ...
