ven 17/09/2021 - 16:06Reverse-engineering a hashing mechanism and optimizing password cracking
ven 30/07/2021 - 09:11This is the last part of series, where we solve the challenge using our symbolic interpreter, and an external SMT solver. Huge success!
mer 28/07/2021 - 10:00In this installment, we turn the concrete interpreter into a symbolic interpreter. How exciting!
ven 23/07/2021 - 10:05In the second part of this series, we write a concrete interpreter for a subset of WebAssembly.
lun 19/07/2021 - 19:01Writing a symbolic interpreter, and wiring it to a solver in order to solve reverse engineering challenges (or other uses), might seem like a daunting task. Even simply using an existing symbolic interpretation framework is far from easy when one has no experience in it. This serie of articles will describe, throughout the summer, how such an engine is built, and showcase implementation tricks and some trade offs to be aware off. Do not worry, the interpreter will be kept as simple as possible though! In the end, we...
mer 23/12/2020 - 08:09In this article we share technical details on how Kraqozorus automatically generates password cracking strategies that improve both the number of cracked hashes and time required to run the attacks.
mar 15/12/2020 - 13:25Lumina is a built-in function recognition feature of the well-known IDA pro disassembler that relies on an online signature database. Unfortunately, the database server is not available for local private use. Have you ever raged at a misstyped hotkey that sent your database content to the Lumina servers, wondered how it works, what kind of data is sent, and wished for a local server under your control? This blog post might answer some of your questions.
jeu 14/05/2020 - 09:50We wrote a new tool that automates the creation of efficient mutation rules for password crackers, such as John the Ripper or hashcat. This posts describes the high level ideas behind this tool, along with some history. If you just want to use it, check our Github repo!
jeu 23/04/2020 - 16:40We wrote a new tool that automatically loots all sensitive information from misconfigured Symfony applications. This post describes the type of data it can loot and how. If you just want to use it, check our Github repo! So let's get started and see what we can grab from the web profiler.
lun 01/10/2018 - 15:47iOS 12 has been released for a few weeks now. New major iOS versions often mean new kernelcache and dyld_shared_cache file formats. iOS12 is no exception to the rule and comes with an other surprise: Pointer Authentication Code (PAC) for the new A12 chip. This blogpost shows you how to deal with both by enhancing IDA. IDA 7.2 beta future release might add PAC and iOS12 kernelcache support but it will only be released in a few weeks and we think it will always be interesting to illustrate how to do it by ourselves. ...