BreizhCTF 2k17 Write-Ups

Amossys was a sponsor of the BreizhCTF 2k17, a French hacking competition held over a single night (April 28-29th). Many challenges were proposed across a wide range of topics (Web, Reverse, Cryptography, etc.). For the occasion, three teams were formed among our employees. Here are some write-ups of the challenges we solved. And thanks to the organizing team for this excellent event in Rennes!

Virtualization Based Security - Part 2: kernel communications

This blog post is the second article covering Virtualization Based Security and Device Guard features. In the first part, we covered the system boot process, from the Windows bootloader to the VTL0 startup. In this part, we explain how kernel communications between VTL0 and VTL1 actually work. Since they rely on hypercalls, we first describe the Hyper-V hypercall implementation, then how the kernels use hypercalls to communicate. Finally, we list all the hypercalls and secure service calls we identified during this work.

Virtualization Based Security - Part 1: The boot process

This blog post is the first part of a collection of articles covering Virtualization Based Security and Device Guard features. The objective of these articles is to share a better understanding of these features from a technical point of view. This first article covers the system boot process, from the Windows bootloader to the VTL0 startup.

An introduction of Use-After-Free detection in binary code by static analysis

Use-After-Free is a well-known class of vulnerabilities that is commonly used by modern exploits (cf. Pwn2Own 2016). In the AnaStaSec research project, AMOSSYS works on how to statically detect such vulnerabilities in binary code. In this blog post, we explain how the scientific community proposes to detect this type of vulnerability. The goal of this state-of-the-art survey is to define a global methodology that will then let us build a proof-of-concept tool that satisfies our needs.

A recap of 32C3

AMOSSYS attended the 32nd edition of the Chaos Communication Congress (CCC), which took place from December 27th to 30th in Hamburg. CCC is now one of the biggest hacker events in the world, alongside security conventions such as DEF CON and Black Hat USA. The theme of this year's edition was Gated Communities. The idea behind this topic was to emphasize a global trend in which people are less and less part of decision-making. Indeed, in many areas of our lives, whether political, socio-economic or cultural, people face ideas, products and technologies that are imposed by these Gated Communities. To counter this unfortunate tendency, the CCC invited people to hack and build new solutions by themselves. For four days, the congress was meant to be a dedicated Gated Community where anyone could discuss, think and decide freely. In this blog article, we briefly recap some of the insightful talks we attended during these four days.

Tutorial: How to reverse unknown protocols using Netzob

This article presents the main features of Netzob for reverse engineering unknown protocols. It goes through learning the message formats of a simple protocol as well as its state machine, and gives some insights on how to generate traffic in order to communicate with a real implementation. Finally, we show how to apply some basic fuzzing against the server implementation.

A peek inside antivirus’ cloud features

As an information security firm, we at AMOSSYS are interested in understanding how antivirus software works. In recent studies, we have noticed that "cloud-related" viral scans are becoming an increasingly publicized feature. However, if you take a few minutes to browse vendors' websites, you can see that antivirus solutions seem to use the cloud, but you don't really learn how or why. This article exposes some of the observations we made while digging into this trend.

Automated Reverse Engineering of Cryptographic Algorithms

In this article we present a practical case of automated reverse engineering of cryptographic algorithms. We first briefly recall how our automated solution works. Then we explain step by step how it can be used in a practical case to identify and locate an AES implementation. Finally, we show how the localization results can be used by security experts to easily check the correctness of the cryptographic implementation.

Design and usage of OpenDTeX DRTM Secure Boot

In this article we present the OpenDTeX research project, which leverages trusted computing technologies to ensure strong security properties both at boot time and at OS runtime. We focus this article on the Secure Boot component, which relies on the TPM and DRTM technologies, and show its usage in detail.

A tale of 31C3 - Part 2

This is the second part of a series of two articles about the 31C3 conference. This part sums up talks about bug mining, code pointer integrity, ICS pwning, and Perl / SS7 / X-ray scanner vulnerabilities.