Rechercher
Switch Language

Publications

Fuzzing confused dependencies with Depfuzzer

Fuzzing confused dependencies with Depfuzzer

25/09/2024
Outils
In the landscape of software development, leveraging open-source libraries and packages through registries like NPM, PyPI, Go modules, and Crates for Rust has become standard practice. This approach facilitates the rapid integration of diverse functionalities into applications, driving both innovation and efficiency across the development community. While the benefits of using these resources are clear, the management of external dependencies introduces a set of considerations regarding security and maintainability. Inspired by Alex ...
En savoir plus
Image title

Diving into ADB protocol internals (1/2)

12/09/2024
Développement
Outils
For those having experience working on Android devices, you may already be familiar with a useful tool called adb. This tool is invaluable for debugging, offering a unified way to execute shell commands, transfer files, install APKs, and much more. In this first blogpost, we will explore its underlying protocol between client and server and introduce a Rust crate called adb_client implementing it.
En savoir plus
Parsing strace output in Rust

Battle of the parsers: PEG vs combinators

25/07/2024
Développement
Outils
Système
In this article we will compare two parsing strategies : PEG based and combinators based, from a developer's perspective, to parse Strace output for the SHH (Systemd Hardening Helper) Rust project.
En savoir plus
Mask from the Phantom of the Opera

👻 Souls without bodies, phantom types shenanigans 👻

26/04/2024
Outils
In this article, we will present strange data types that only exist in the realm of types, called phantom types. We will also briefly introduce GADTs, and how to emulate some of their safety guarantees in languages where they are not available. This simple technique can go a long way towards making APIs safer and more expressive.
En savoir plus
Try to keylog this! (image from ghost in the shell with cybernetic hands typing on a keyboard)

Writing a decent win32 keylogger [3/3]

21/12/2023
Outils
Système
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...
En savoir plus
Try to keylog this! (image from ghost in the shell with cybernetic hands typing on a keyboard)

Writing a decent win32 keylogger [2/3]

21/12/2023
Outils
Système
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...
En savoir plus
Try to keylog this! (image from ghost in the shell with cybernetic hands typing on a keyboard)

Writing a decent win32 keylogger [1/3]

21/12/2023
Outils
Système
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...
En savoir plus
Frinet: reverse-engineering made easier

Frinet: reverse-engineering made easier

18/12/2023
Outils
Reverse-engineering
By combining Frida with an enhanced version of Tenet, Frinet facilitates the study of large programs, vulnerability research and root-cause analysis on iOS, Android, Linux, Windows, and most architectures.
En savoir plus
These aren't the secrets you were looking for

Using ntdissector to extract secrets from ADAM NTDS files

06/12/2023
Outils
Pentest
During the development of ntdissector, we stumbled upon an AD Lightweight Directory Services (LDS) instance used by an internal application of a customer to store data. Just like AD DS, AD LDS stores the data inside a dit file: adamntds.dit. However, all known tools failed to parse this file while it looks a lot like a NTDS.dit file. In our research, we eventually found an article in cache already explaining a lot of differences with a standard NTDS.dit file. Unfortunately, the associated code was no longer available on GitHub. This ...
En savoir plus
a capture of the WireShark tool

Pcapan: a PCAP analysis helper

22/11/2023
Outils
Reverse-engineering
This post showcases a small but very useful tool that can be used to classify expected and suspicious traffic in a network capture file, and, more importantly, what the process is for writing such a tool.
En savoir plus

Nous contacter

01 45 79 74 75
contact@synacktiv.com
Clé GPG

PARIS

5 boulevard Montmartre
75002 Paris

TOULOUSE

4 Rue du Pont Guilhemery
31000 Toulouse

LYON

56 rue Smith
69002 Lyon

RENNES

7D Rue de Châtillon
35000 Rennes

LILLE

7 Boulevard Louis XIV
59000 Lille
Copyright © Synacktiv 2024