Publications

Using ntdissector to extract secrets from ADAM NTDS files

06/12/2023 During the development of ntdissector, we stumbled upon an AD Lightweight Directory Services (LDS) instance used by an internal application of a customer to store data. Just like AD DS, AD LDS stores the data inside a dit file: adamntds.dit. However, all known tools failed to parse this file while it looks a lot like a NTDS.dit file. In our research, we eventually found an article in cache already explaining a lot of differences with a standard NTDS.dit file. Unfortunately, the associated code was no longer available on GitHub. This ...

Pcapan: a PCAP analysis helper

22/11/2023 This post showcases a small but very useful tool that can be used to classify expected and suspicious traffic in a network capture file, and, more importantly, what the process is for writing such a tool.

systemd hardening made easy with SHH

07/11/2023 Introducing SHH, Systemd Hardening Helper, a tool written in Rust to automatically build a set of hardening options for a service using runtime profiling.

Introducing ntdissector, a swiss army knife for your NTDS.dit files

22/09/2023 This article tells our journey inside the ESE database and the NTDS features that led us to produce the ntdissector tool, suitable for offensive and defensive actions.

Captain Hook - How (not) to look for vulnerabilities in Java applications

19/01/2022 During my 6-months intership, I developed a tool to ease vunerability research on Java applications. I used several software and libraries, and faced a number of issues throughout the development of this tool, Captain Hook. This article describes Captain Hook's development process from the beginning along with its challenges.

Dissecting NTLM EPA with love & building a MitM proxy

14/01/2022 Why you never managed to connect to this fre*king NTLM EPA protected website and how to finally reach it.

Cracking Radmin Server 3 passwords

17/09/2021 Reverse-engineering a hashing mechanism and optimizing password cracking

Writing a (toy) symbolic interpreter, and solving challenges, part 4

30/07/2021 This is the last part of series, where we solve the challenge using our symbolic interpreter, and an external SMT solver. Huge success!

Writing a (toy) symbolic interpreter, and solving challenges, part 3

28/07/2021 In this installment, we turn the concrete interpreter into a symbolic interpreter. How exciting!

Writing a (toy) symbolic interpreter, and solving challenges, part 2

23/07/2021 In the second part of this series, we write a concrete interpreter for a subset of WebAssembly.