Publications

Writing a (toy) symbolic interpreter, and solving challenges, part 1

19/07/2021
Outils
Writing a symbolic interpreter, and wiring it to a solver in order to solve reverse engineering challenges (or other uses), might seem like a daunting task. Even simply using an existing symbolic interpretation framework is far from easy when one has no experience in it. This serie of articles will describe, throughout the summer, how such an engine is built, and showcase implementation tricks and some trade offs to be aware off. Do not worry, the interpreter will be kept as simple as possible though! In the end, we...

Investigating IDA Lumina feature

15/12/2020
Outils
Reverse-engineering
Lumina is a built-in function recognition feature of the well-known IDA pro disassembler that relies on an online signature database. Unfortunately, the database server is not available for local private use. Have you ever raged at a misstyped hotkey that sent your database content to the Lumina servers, wondered how it works, what kind of data is sent, and wished for a local server under your control? This blog post might answer some of your questions.

Looting Symfony with EOS

23/04/2020
Outils
Pentest
We wrote a new tool that automatically loots all sensitive information from misconfigured Symfony applications. This post describes the type of data it can loot and how. If you just want to use it, check our Github repo! So let's get started and see what we can grab from the web profiler.