Spectre V1 in userland
We discuss the real-world feasibility of the Spectre V1 flaw from a cross-process, userland perspective.
Sodinokibi / REvil Malware Analysis
This article details the behavior of the Sodinokibi ransomware using static analysis with IDA Pro. Sodinokibi, also called REvil, […]
Linux RNG architecture
Focus on the architecture of the Linux random number generator that sits behind `/dev/urandom`. How does it work? Is it secure?
Windows filter communication ports
Brief technical analysis of the Microsoft Windows "filter communication port" mechanism, the kernel channel used to exchange messages with filter drivers.
Fragscapy: Fuzzing protocols to evade firewalls and IDS
Fragscapy is a tool that aims to detect flaws in firewalls and IDSs by fuzzing the network messages sent through them. This open source project is available at [Amossys’ Github]
MemITM, a memory fuzzer/sniffer
The MemITM tool was developed to make it easy to intercept "messages" in the memory of Windows processes.
Portable Executable format, compilation timestamps and /Brepro flag
Portable Executable binaries embed timestamps stored by the compiler, which may in some cases appear inconsistent.
Threat Hunting (Recherche de compromissions)
Threat hunting ("recherche de compromissions" in French) basically consists of searching an information system that is presumed clean for the presence of […]
BADFLICK is not so bad!
We present here an in-depth analysis of the BADFLICK backdoor, which is used by the TEMP.Periscope group, also known as "Leviathan".
The Windows 10 TH2 INT 2E mystery
Since Windows 10 TH2, NTDLL’s syscall routines have changed: each stub can now enter the kernel either with the `SYSCALL` instruction or with the older `INT 2E` one.