Internship topics 2018-2019

Publication of the internship offers for 2018-2019. On the menu: packer, wasm, binary analysis, cyber range, IDS, Android, AI, crypto, vulnerability research, red team and Linux.

MemITM, a memory fuzzer/sniffer

The MemITM tool was developed to make it easy to intercept "messages" in the memory of Windows processes.

Portable Executable format, compilation timestamps and /Brepro flag

Portable Executable binaries embed timestamps stored by the compiler, which may in some cases appear inconsistent. This article details the origin of these inconsistencies and gives a code sample which may be used to get only the correct timestamps for threat hunting purposes.

Threat Hunting (Searching for Compromises)

Presentation of the CERT AMOSSYS compromise-hunting activity.

BreizhCTF 2k18 Write-Ups

Amossys was a sponsor of the BreizhCTF 2k18, a French hacking competition held over a single night (April 20-21). Many challenges were offered across a wide range of topics (Web, Reverse, Cryptography, etc.). For this occasion, a team was created among our employees (Los Pedrolitos). Here are some write-ups of the solved challenges. And thanks to the organizing team for this excellent event in Rennes!

BADFLICK is not so bad!

We present here an in-depth analysis of the BADFLICK backdoor, which is used by the TEMP.Periscope group, also known as "Leviathan".

The Windows 10 TH2 INT 2E mystery

Since Windows 10 TH2, NTDLL's syscall routines have changed: syscalls can now be performed with the SYSCALL instruction, and also with the old INT 2E method. We say "old" because, until this change, this method had not been supported on x64 architectures since Windows 8. So why such a change? Let's try to find out.

DIMCT

We developed a small tool, "DIMCT", which simply traces inter-module calls without too much overhead.

Teampass < 2.1.27.9 multiple vulnerabilities

As part of its evaluation centre work, Amossys led a security review of Teampass 2.1.27.8. Multiple security vulnerabilities were found, and here are the CVE publications.

BreizhCTF 2k17 Write-Ups

Amossys was a sponsor of the BreizhCTF 2k17, a French hacking competition held over a single night (April 28-29). Many challenges were offered across a wide range of topics (Web, Reverse, Cryptography, etc.). For this occasion, three teams were created among our employees. Here are some write-ups of the solved challenges. And thanks to the organizing team for this excellent event in Rennes!
