Publications

Laravel: APP_KEY leakage analysis

10/07/2025 In November 2024, Mickaël Benassouli and I talked about vulnerability patterns based on Laravel encryption at Grehack. Although, each discovered vulnerability requires access to a Laravel secret: the APP_KEY, we emphasized the security risks involved and highlighted how this secret is often insecurely exposed in public projects. The story did not stop there, we gathered a huge chunk of APP_KEY and developed a new tool to identify vulnerable patterns from a set of publicly exposed Laravel applications. This blog post sums up our...

Diving into ADB protocol internals (2/2)

16/12/2024 Our previous article laid the groundwork for understanding the ADB protocol and its usage scenarios. It primarily focused on the TCP/IP communication between the ADB Client and the ADB Server. However, this still required at this point an intermediate server to bridge our client and the Android device. In this article, we'll dive into the message protocol between ADB Server and adbd, with the goal of improving our Rust client library with capacity to fully interact with a device, eliminating the need for system dependency installatio...

Fuzzing confused dependencies with Depfuzzer

25/09/2024 In the landscape of software development, leveraging open-source libraries and packages through registries like NPM, PyPI, Go modules, and Crates for Rust has become standard practice. This approach facilitates the rapid integration of diverse functionalities into applications, driving both innovation and efficiency across the development community. While the benefits of using these resources are clear, the management of external dependencies introduces a set of considerations regarding security and maintainability. Inspired by Alex ...

Diving into ADB protocol internals (1/2)

12/09/2024 For those having experience working on Android devices, you may already be familiar with a useful tool called adb. This tool is invaluable for debugging, offering a unified way to execute shell commands, transfer files, install APKs, and much more. In this first blogpost, we will explore its underlying protocol between client and server and introduce a Rust crate called adb_client implementing it.

Battle of the parsers: PEG vs combinators

25/07/2024 In this article we will compare two parsing strategies : PEG based and combinators based, from a developer's perspective, to parse Strace output for the SHH (Systemd Hardening Helper) Rust project.

👻 Souls without bodies, phantom types shenanigans 👻

26/04/2024 In this article, we will present strange data types that only exist in the realm of types, called phantom types. We will also briefly introduce GADTs, and how to emulate some of their safety guarantees in languages where they are not available. This simple technique can go a long way towards making APIs safer and more expressive.

Writing a decent win32 keylogger [3/3]

21/12/2023 In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Writing a decent win32 keylogger [2/3]

21/12/2023 In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Writing a decent win32 keylogger [1/3]

21/12/2023 In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Frinet: reverse-engineering made easier

18/12/2023 By combining Frida with an enhanced version of Tenet, Frinet facilitates the study of large programs, vulnerability research and root-cause analysis on iOS, Android, Linux, Windows, and most architectures.