Recrutement
Si vous êtes intéressés pour bosser sur des sujets sympas tout en restant loin de Paris, consultez nos offres d'emploi et envoyez nous votre CV à rh@amossys.fr.

BreizhCTF 2k18 Write-Ups

BreizhCTF 2k18 Write-Ups

Amossys was a sponsor of the BreizhCTF 2k18, a French hacking competition over a single night (April 20-21th). Many challenges were proposed in a wide range of topics (Web, Reverse, Cryptography, etc). For this occasion, a team was created among our employees (Los Pedrolitos). Here are some write-ups of the solved challenges. And thanks to the organization team for this excellent event in Rennes!

more ...

The Windows 10 TH2 INT 2E mystery

The Windows 10 TH2 INT 2E mystery

Since Windows 10 TH2, NTDLL's syscall routines have changed: syscalls can now be performed with the SYSCALL instruction, and with the INT 2E old one. We say "old" because, until this change, this method had not been supported on x64 architectures since Windows 8. So why such a change? Let's try to find out.

more ...

DIMCT

DIMCT

We developped a small tool, "DIMCT" which simply allows tracing inter module calls, without a too big overhead.

more ...

BreizhCTF 2k17 Write-Ups

BreizhCTF 2k17 Write-Ups

Amossys was a sponsor of the BreizhCTF 2k17, a French hacking competition over a single night (April 28-29th). Many challenges were proposed in a wide range of topics (Web, Reverse, Cryptography, etc). For this occasion, three teams were created among our employees. Here are some write-ups of the solved challenges. And thanks to the organization team for this excellent event in Rennes!

more ...

Virtualization Based Security - Part 2: kernel communications

Virtualization Based Security - Part 2: kernel communications

This blog post is a second article covering Virtualization Based Security and Device Guard features. In the first part, we covered the system boot process, from the Windows bootloader to the VTL0 startup. In this part, we explain how kernel communications between VTL0 and VTL1 actually work. As they use hypercalls to communicate, we will first describe the Hyper-V hypercalls implementation, then how the kernels use them to communicate. To finish with, we list all the different hypercalls and secure service calls we have identified during this work.

more ...

Virtualization Based Security - Part 1: The boot process

Virtualization Based Security - Part 1: The boot process

This blog post is the first part of a collection of articles covering Virtualization Based Security and Device Guard features. The objectives of these articles is to share a better understanding of these features from a technical point of view. This first article will cover the system boot process, from the Windows bootloader to the VTL0 startup.

more ...

Tutorial: How to reverse unknown protocols using Netzob

Tutorial: How to reverse unknown protocols using Netzob

This article presents the main features of Netzob on how to reverse engineer unknown protocols. It goes through learning the message formats of a simple protocol as well as its state machine, and gives some insights on how to generate traffic in order to communicate with a real implementation. Finally, we show how to apply some basic fuzzing targeting the server implementation.

more ...

Automated Reverse Engineering of Cryptographic Algorithms

Automated Reverse Engineering of Cryptographic Algorithms

In this article we present a practical case of automated reverse engineering of cryptographic algorithms. We first briefly recall how does our automated solution work. Then we explain step by step how it can be used in a practical case to identify and locate an AES implementation. Finally, we show how the localization results can be exploited by security experts to easily check the correctness of the cryptographic implementation.

more ...