Rechercher
Switch Language

The reverse-engineering team presentation

Rédigé par Tiphaine Romand-Latapie , Eloi Benoist-Vanderbeken , Fabien Perigaud , Clément Berthaux - 13/04/2022 - dans Reverse-engineering - Téléchargement
A lot of candidates, or simply fellow reversers, ask us how our team usually works: what kind of technologies are we looking into? What kind of projects? Do we work solo? How do we handle remote? etc.

The goal of this blogpost is to share what we can about our internals, so you don't have to reverse us.

The people

As of today, the team consists of more than 35 reversers, between 23 and 47 years old. We have offices in different locations in France: half of the team is based in Paris, 4 people in Toulouse, 5 in Lyon and 8 in Rennes. We also have a few team members in full remote in other cities in France.
The team is led by four people today: Tiphaine manages the team as a whole, while Eloi, Fabien and Clément focus more on technically supporting the team on its various projects.
The profiles are quite varied, we have juniors and seniors, Ph.D and bootcamp-style schools alumni.
 
 

Our Projects

We help our clients qualify their risks: we perform deep-dive evaluations in both black and white box. Typically, that means that we perform vulnerability research and go as far as proof of exploitation so that our clients can really measure their exposure. That also means that we need to deal with low-level understanding of our target, should it be hardware or software.
 
Imagine a client building a product, the security of which will be critical for its success and the brand of the company. This client has a couple of catastrophe scenarios in mind and wants to see whether or not they are realistic in a specific time frame. They call us, explain the scenarios and ask us to try to implement them.
 
We have the opportunity to work on many different layers and technologies, either through our clients' requests or through our R&D work. For example, see the list of our past published works:
  • ... and all the rest that we cannot publish.
 

Day-to-day work

The mean workload for our projects is around 100 men-days, so we are talking about projects spanning weeks or months.
Our standard setup is to have two team members minimum on a project, coordinated by one of the three technical team leaders. Those three people can be in the same location, or not. Our infrastructure allows us to work very well remotely. The team members and technical leader are handpicked for each project, so anyone has the chance to work with different team members and technical leaders. 
 
People are driven by different things: it can be the technical challenge, the client impact or the studied technology itself. Some people like to invest years in getting in-depth knowledge of a technology, others like to see different systems or work with different clients. We try to accommodate as much as possible those wishes and needs when we affect the projects.
 
What a standard week in the team looks like:
  •  One short meeting on Monday (less than 30 minutes) between the project tandem and the assigned technical leader following this project: the idea is to take the time to think about where the team is going, discuss any issues arising, bring a new perspective, etc. 
  • The rest of the week, the tandem works on the project. We have guidelines on how to conduct a project successfully, but we let the team members choose the way of working that fits that specific tandem best. For example, some tandems are in an all-day video-call, others only meet once a week and communicate via chat the rest of the time and others do a mix of both.
  • One team meeting on Friday (less than an hour): the global news of the company and the team are shared. Then each team member does a quick recap of their week. 
    
We work on a personal laptop, with enough RAM and space to make sure VMs and fuzzing are not an issue! Of course, we also use dedicated fuzzing servers for greedy campaigns.
 
Finally, our projects are quite long and challenging. When team members feel they need to take some air, we arrange a couple of weeks on an R&D or a "short project". 
 

R&D/publications

Like for all people working at Synacktiv, we offer the possibility for our team to have some time dedicated to what we call "R&D". They are projects chosen by team members: it can be a willingness to try the PWN2OWN competition, to dig into the PS4 or a recently published vulnerability or to take some time to develop a tool the team member feels is missing.
 
Once the team member has their idea, they request a dedicated time: they describe shortly their idea, where they want to go with it and the number of dedicated days they request.
They usually request a couple of days first to begin preliminary work and evaluate how much effort should be invested. If it's a "short" effort, they usually ask for the required days once they have finished their preliminary work. If it's a bigger effort, the days will be requested iteratively when it's the most convenient for the team member and their ongoing client project. Some R&D span 5 men-days, others can go up to 85 men-days (spread out over several months).
 
Sometimes team members work alone on their R&D and other times they work in groups. For example, at the 2021 PWN2OWN Austin, 11 team members worked in teams of 2 or 3 people on different devices.
 
Our R&D usually ends with a publication: either a tool on our GitHub, a blogpost or a conference. Sometimes, it's an internal publication: a presentation to the team or a written resource on the methodology they used and lesson learned. You can find all our publications on our blog or the "resources" part on our website. 
 

Whom are we looking for? 

In a nutshell: people with a strong technical level, with already a bit (or a lot) of experience. It can be personal or professional experience: a personal project on GitHub, a nice CTF or Root-Me scoreboard, a research project documented in a blogpost or a previous professional experience in low-level development, vulnerability research, etc.
 
We don't look into a specific number of years of professional experience, we have team members who have just finished their studies and we hire the great majority of our interns. 
 
Right now, the team is francophone, so we need French-fluent candidates. If it changes in the future, we will make sure to communicate the news.
 
We are completely open to people with a different profile, so if you are interested in joining the team, feel free to send us an email at apply@synacktiv.com! To put all chances on your side, list any concrete experience that may help us evaluate where you are in your technical journey.
 
If you want to know more about our recruitment process, you can find information on the dedicated page.
 
 

 

Autres publications

PHP filter chains: file read from error-based oracle

The possibilities allowed by filter chains will never stop amazing us. Last time we saw that using them in a PHP file inclusion function would lead to remote code execution. Since then, another way to...
Rémi Matasse - 21/03/2023 - Pentest

Hardware investigation of wireless keyloggers

When a hardware keylogger is found on a computer, you can assume the user account and its secrets are compromised. In this article, we will present how to get access to the data stored on both a basic...
Antoine Cervoise - 03/03/2023 - CSIRT , Hardware

CI/CD secrets extraction, tips and tricks

This article aims at describing how to exfiltrate secrets that are supposed to be securely stored inside CI/CD systems. For that purpose, the examples of Azure DevOps and GitHub Actions will be detail...
Hugo Vincent , Théo Louis-Tisserand - 01/03/2023 - Pentest

Nous contacter

01 45 79 74 75
contact@synacktiv.com
Clé GPG

PARIS

5 boulevard Montmartre
75002 Paris

TOULOUSE

4 Rue du Pont Guilhemery
31000 Toulouse

LYON

56 rue Smith
69002 Lyon

RENNES

7D Rue de Châtillon
35000 Rennes
Copyright © Synacktiv 2023