Internships 2013Thu 18 October 2012 by chrys
We have 3 open positions for internships:
- Mobile phone bootloader analysis: this internship aims to evaluate the security of existing bootloaders used in smartphones by developing a bootloader debugger and a USB fuzzer.
- Bootkit Windows 7: this internship aims to study existing bootkits on Windows 7 but also to develop an infection tool.
- NFC Android applications: this internship aims to study how NFC application on smartphones can make known attacks (card clone, relay attack, etc.) easier.
Internship 1: Mobile phone bootloader analysis
On smartphones (iPhone, Android, etc.), it is possible to prevent access on personal data by setting a passcode. However, the presence of vulnerabilities in bootloaders allows an attacker to bypass these protections. This internship aims to evaluate the security of existing bootloaders. To do this, we can distinguish two phases:
- The development of a bootloader debugger.
- The development of a USB fuzzer.
- Good knowledge and skills in reverse engineering, especially on ARM architecture.
- Experience in low level architecture and fuzzing is an asset.
Internship 2: Bootkit Windows 7
The aim of this internship is the analysis of bootkits on Windows 7 x64. At first, the candidate will have to study the state of art of bootkits by studying similar projects and already existing malwares. Then he will have to develop an infection tool for Windows 7 x64 using the latest bootkit type techniques. For example, this tool could unlock a computer session using a special key combination. In the meantime, it would be interesting to study how anti-bootkits work. Finally, the study of UEFI mechanism in Windows 8 is also possible.
- Good knowledge of Windows Internals, SDK, WDK, Windbg, IDA Pro.
- Development ASM 16bits, x86/x64.
- Debugging bootloaders by using VMware.
- Reverse of binary systems.
Internship 3: NFC Android applications
The goal of this internship is to evaluate the technology and feasibility of new attacks in mobile phones supporting NFC. These attacks can be the result of card emulation, data editing or the use of a mobile phone for performing a relay attack. The internship has two axes:
- State of art using existing development tools.
- NFC driver study.
- Good knowledge of: JAVA, SDK development, C development, Linux driver, NFC technologies.
- Experience in reverse engineering is a plus.
- Duration of internships : 4-6 months
- Contact : firstname.lastname@example.org
- Location : Paris (Issy les Moulineaux)