Discover the latest news from SCRT's team
Previous blog posts addressed the issue of static artefacts that can easily be caught by security software, such as strings and API imports:
This one provides an additional layer of obfuscation to target another kind of detection mechanism used to monitor a program’s activity, i.e userland hooks.
Continue reading Engineering antivirus evasion (Part III)In our journey to try and make our payload fly under the radar of antivirus software, we wondered if there was a simple way to encrypt all the strings in a binary, without breaking anything. We did not find any satisfying solution in the literature, and the project looked like a fun coding exercise so we decided it was worth a shot.
Continue reading Statically encrypt strings in a binary with Keystone, LIEF and radare2/rizinThis blog post accompanies the talk we gave at Insomni’hack 2022. The source code as well as the slides can be found at:
https://github.com/scrt/avdebugger
Continue reading Automatically extracting static antivirus signaturesIt’s was a pleasure this year to meet you at the 2022 edition of our amazing security conference Insomni’hack !
With Splunk collaboration, we come back this year with “Splunk Boss Of The SOC” challenge.
Continue reading Splunk Boss Of The SOC (BOTS) @Insomni’hackThe Apiculture challenges are dedicated to API attacks. The second level basically looks like a webpage dedicated to beehives:
Continue reading Apiculture 2 write-upThe Apiculture challenges are dedicated to API attacks. It is basically a honey’s addict website:
Continue reading Apiculture 1 write-upThe GDBug file is an ELF binary:
Continue reading GDBug write-upAs SCRT’s blue teamers, we often deal with Security Operations Centers (SOCs). Being able to interact with many different SOCs for our consultancy service gives us the possibility to understand the main challenges a SOC faces and how to solve them.
Continue reading SOCs real-life challenges & solutionsTL;DR: we reproduced Denis Andzakovic’s proof-of-concept showing that it is possible to read and write data from a BitLocker-protected device (for instance, a stolen laptop) by sniffing the TPM key from the LCP bus.
Continue reading TPM sniffingDuring the first wave of Covid and most people locked up at home, I wanted to engage with my colleagues in various departments here at SCRT by having them answer a simple survey. The survey related to what actions they would recommend and prioritize in order to secure the information system of a random company, which had just received notification that a cyberattack was imminent.
Continue reading Internal security recommendations survey