Publications

Creating a "Two-Face" Rust binary on Linux

28/10/2025 In this article we will describe a technique to easily create a "Two-Face" Rust binary on Linux: an executable file that runs a harmless program most of the time, but will run a different, hidden code if deployed on a specific target host. This approach, which allows binding a binary to its environment, can be useful for a targeted malware payload or, more commonly, in a license protection mechanism. We will also detail how to make the "hidden" binary more difficult to inspect in memory.

LLM Poisoning [1/3] - Reading the Transformer's Thoughts

08/10/2025 Your local LLM can hack you. This three-part series reveals how tiny weights edits can implant stealthy backdoors that stay dormant in everyday use, then fire on specific inputs, turning a "safe" offline model into an attacker. This article shows how transformers encode concepts and how to detect them in its internal activations.

appledb_rs, a research support tool for Apple platforms

25/09/2025 Over the years, research on Apple platforms has become significantly more complex, largely due to the numerous countermeasures deployed by the Cupertino company. To address this challenge during our missions on these platforms, we developed appledb_rs: an open-source tool (https://github.com/synacktiv/appledb_rs) that extracts data from IPSW files (archives containing Apple firmware) and organizes it in a structured way, facilitating exploration and analysis.

Diving into ADB protocol internals (2/2)

16/12/2024 Our previous article laid the groundwork for understanding the ADB protocol and its usage scenarios. It primarily focused on the TCP/IP communication between the ADB Client and the ADB Server. However, this still required at this point an intermediate server to bridge our client and the Android device. In this article, we'll dive into the message protocol between ADB Server and adbd, with the goal of improving our Rust client library with capacity to fully interact with a device, eliminating the need for system dependency installatio...

Automated Network Security with Rust: Detecting and Blocking Port Scanners

06/12/2024 Did you ever wonder how IDS/IPS like Snort or Suricata were able to interact with the network stack of the Linux kernel ? Do you also happen to like Rust ? Well dear reader, this article is for you !

Battle of the parsers: PEG vs combinators

25/07/2024 In this article we will compare two parsing strategies : PEG based and combinators based, from a developer's perspective, to parse Strace output for the SHH (Systemd Hardening Helper) Rust project.

systemd hardening made easy with SHH

07/11/2023 Introducing SHH, Systemd Hardening Helper, a tool written in Rust to automatically build a set of hardening options for a service using runtime profiling.