Offre d'emploi dév. front-end web et mobile

Un poste de développeur front-end web et mobile s'ouvre dans notre équipe !

Il vient s'ajouter à ceux déjà ouverts : pentester, reverser, dev et sysadmin.

2019 summer challenge writeup

The 2019 summer challenge is now closed! This was a bit of a departure from the usual hardened binaries, as it showcased a programming model that is not a distant relative of the Turing machine. This article will give a high level overview of the challenge's solution, and some behind-the scenes comments.

Exploiting a No-Name FreeBSD Kernel Vulnerability

Introduction

A new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions.

2019 summer challenge: Alonzo!

The Synacktiv summer challenge is back!

icmp-reachable

A strange behavior was observed by Synacktiv experts during the security assessment of a stateful firewall implementation... After few coffees & RFCs it was understood that it could be a generic issue that might affect multiple IP stacks. So... What is a strange firewall behavior ?

rutorrent code review

Opportunistic and quick review of rutorrent's overall security.

Using your BMC as a DMA device: plugging PCILeech to HPE iLO 4

2018 has been a really tough year for BMCs! Although their attack surface was not something new (IPMI has been studied by Dan Farmer back in 2013, followed by a state-of-the-art blogpost by HD Moore), recent studies have shed light on how powerful these devices are in the servers, being able to directly access the main host memory, and how poor their code quality and software mitigations were.

Code Check(mate) in SMM

Some time ago I started reversing an AMI firmware from a quite up-to-date computer (2017/2018). While I was reversing a System Management Mode (SMM) driver, I noticed an interesting code change: during initialization, the SMM driver search for a SMM configuration table with a GUID named EFI_SMM_RUNTIME_SERVICES_TABLE_GUID 1. The …

Binder transactions in the bowels of the Linux Kernel

Binder is the main IPC/RPC (Inter-Process Communication) system in Android. It allows applications to communicate with each other and it is the base of several important mechanisms in the Android environment. For instance, Android services are built on top of Binder. Message exchanged with Binder are called binder transactions, they can transport simple data such as integers but also process more complex structures like file descriptors, memory buffers or weak/strong references on objects. There are a lot of interesting Binder documentations available on the Internet but quite few details on how messages are translated from a process to another. This article tries to describe how Binder handles messages and performs translations of complex objects (file descriptors, pointers) between different processes. For this, a binder transaction will be followed from userland to the binder kernel.

Kinibi TEE: Trusted Application exploitation

For a while now, Android devices and many embedded systems have used a Trusted Execution Environment (TEE) to host some security functions (like hardware crypto/key, DRM, mobile payment, biometric authentication, ...). On ARM platforms, TEE are small operating systems which use the ARM TrustZone technology to isolate their execution from …

Page 1 / 3 »