Publications

Exploring GrapheneOS secure allocator: Hardened Malloc

22/09/2025
Exploit
Système
Reverse-engineering
GrapheneOS est un système d'exploitation mobile dérivé d'Android qui met l'accent sur la sécurité et la protection de la vie privée. Afin de renforcer davantage la sécurité de leur produit, les développeurs de GrapheneOS ont introduit un nouvel allocateur pour la libc : hardened malloc. Cet allocateur bénéficie d'une conception axée sur la sécurité visant à protéger les processus contre les vulnérabilités de corruption mémoire courantes. Cet article détaillera son architecture interne et la manière dont les mécanismes de protection so...

Defend against vampires with 10 gbps network encryption

13/09/2024
Réseau
Cryptographie
Pentest
Système
Discover how attackers can sniff your data on network cables and how you can defend against it, by encrypting on-the-fly all your ethernet traffic with very good performance. Keywords : wireguard, vxlan, tapping, fiber optics, lan2lan, macsec

Battle of the parsers: PEG vs combinators

25/07/2024
Développement
Outils
Système
In this article we will compare two parsing strategies : PEG based and combinators based, from a developer's perspective, to parse Strace output for the SHH (Systemd Hardening Helper) Rust project.

iOS: a journey in the USB networking stack

30/04/2024
Système
In this article, we give a small journey inside the implementation of networking interfaces exposed by iOS when connected via USB. These are used for sharing a computer's connection with iPhone (tethering), sharing an iPhone's connection with a computer (reverse tethering) and since the latest versions of iOS, USB networking even carries RemoteXPC packets which seems to be the future common ground for all Apple based cross-device communications.

Writing a decent win32 keylogger [3/3]

21/12/2023
Outils
Système
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Writing a decent win32 keylogger [2/3]

21/12/2023
Outils
Système
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Writing a decent win32 keylogger [1/3]

21/12/2023
Outils
Système
In this series of articles, we talk about the ins and out of how to build a keylogger for Windows that is able to support all keyboard layouts and reconstruct Unicode characters correctly regardless of the language (excluding those using input method editors). In the first part, after a brief introduction introducing the concepts of scan codes, virtual keys, characters and glyphs, we describe three different ways to capture keystrokes (GetKeyState, SetWindowsHookEx, GetRawInputData) and the differences between those techniques. In t...

Credential Stuffing: Speeding up massive leaks databases

05/05/2023
Système
Despite the increasing usage of cross-origin authentication, password-based authentication is still massively used by people having to log into an account. With a minimal length, upper letters, digits, special characters or any constraints, people tend to reuse old passwords with little improvements. But when a website or any service is breached, then it is possible to use those for credentials replaying, password spraying or cracking attacks. In order to achieve these kinds of attacks, we have to store and query a huge ...