Publications

Fuzzing confused dependencies with Depfuzzer

25/09/2024
Tools
In the landscape of software development, leveraging open-source libraries and packages through registries like NPM, PyPI, Go modules, and Crates for Rust has become standard practice. This approach facilitates the rapid integration of diverse functionalities into applications, driving both innovation and efficiency across the development community. While the benefits of using these resources are clear, the management of external dependencies introduces a set of considerations regarding security and maintainability. Inspired by Alex ...

Battle of the parsers: PEG vs combinators

25/07/2024
Development
Tools
Systems
In this article we will compare two parsing strategies : PEG based and combinators based, from a developer's perspective, to parse Strace output for the SHH (Systemd Hardening Helper) Rust project.

👻 Souls without bodies, phantom types shenanigans 👻

26/04/2024
Tools
In this article, we will present strange data types that only exist in the realm of types, called phantom types. We will also briefly introduce GADTs, and how to emulate some of their safety guarantees in languages where they are not available. This simple technique can go a long way towards making APIs safer and more expressive.

Writing a decent win32 keylogger [3/3]

21/12/2023
Tools
Systems
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Writing a decent win32 keylogger [2/3]

21/12/2023
Tools
Systems
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Writing a decent win32 keylogger [1/3]

21/12/2023
Tools
Systems
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Frinet: reverse-engineering made easier

18/12/2023
Tools
Reverse-engineering
By combining Frida with an enhanced version of Tenet, Frinet facilitates the study of large programs, vulnerability research and root-cause analysis on iOS, Android, Linux, Windows, and most architectures.

Using ntdissector to extract secrets from ADAM NTDS files

06/12/2023
Tools
Pentest
During the development of ntdissector, we stumbled upon an AD Lightweight Directory Services (LDS) instance used by an internal application of a customer to store data. Just like AD DS, AD LDS stores the data inside a dit file: adamntds.dit. However, all known tools failed to parse this file while it looks a lot like a NTDS.dit file. In our research, we eventually found an article in cache already explaining a lot of differences with a standard NTDS.dit file. Unfortunately, the associated code was no longer available on GitHub. This ...

Pcapan: a PCAP analysis helper

22/11/2023
Tools
Reverse-engineering
This post showcases a small but very useful tool that can be used to classify expected and suspicious traffic in a network capture file, and, more importantly, what the process is for writing such a tool.

systemd hardening made easy with SHH

07/11/2023
Development
Tools
Systems
Introducing SHH, Systemd Hardening Helper, a tool written in Rust to automatically build a set of hardening options for a service using runtime profiling.