
Lessons learned from internal penetration tests


The rise of digital technology, the diversification of exposure surfaces, a growing number of cyberattacks… For several years now, IT security has been an essential component of administering an Information System (IS). One good practice is to audit the IS regularly in order to identify the system's flaws and vulnerabilities so that they can be fixed. One of the goals of the audit is to establish a short-, medium- and long-term action plan for the security of the IS. Here is the feedback from our internal audits.


The Windows 10 TH2 INT 2E mystery


Since Windows 10 TH2, NTDLL's syscall routines have changed: syscalls can now be performed either with the SYSCALL instruction or with the old INT 2E one. We say "old" because, until this change, this method had not been supported on x64 architectures since Windows 8. So why such a change? Let's try to find out.


DIMCT


We developed a small tool, "DIMCT", which simply traces inter-module calls without too much overhead.


Virtualization Based Security - Part 2: kernel communications


This blog post is the second article covering Virtualization Based Security and Device Guard features. In the first part, we covered the system boot process, from the Windows bootloader to the VTL0 startup. In this part, we explain how kernel communications between VTL0 and VTL1 actually work. As they use hypercalls to communicate, we first describe the Hyper-V hypercall implementation, then how the kernels use hypercalls to communicate. Finally, we list all the different hypercalls and secure service calls we identified during this work.


Virtualization Based Security - Part 1: The boot process


This blog post is the first part of a collection of articles covering Virtualization Based Security and Device Guard features. The objective of these articles is to share a better understanding of these features from a technical point of view. This first article covers the system boot process, from the Windows bootloader to the VTL0 startup.
