Previous blog posts addressed the issue of static artefacts that can easily be caught by security software, such as strings and API imports:
This one provides an additional layer of obfuscation to target another kind of detection mechanism used to monitor a program’s activity, i.e userland hooks.
Continue reading Engineering antivirus evasion (Part III)
In our journey to try and make our payload fly under the radar of antivirus software, we wondered if there was a simple way to encrypt all the strings in a binary, without breaking anything. We did not find any satisfying solution in the literature, and the project looked like a fun coding exercise so we decided it was worth a shot.
Continue reading Statically encrypt strings in a binary with Keystone, LIEF and radare2/rizin
This blog post accompanies the talk we gave at Insomni’hack 2022. The source code as well as the slides can be found at:
Continue reading Automatically extracting static antivirus signatures
It’s was a pleasure this year to meet you at the 2022 edition of our amazing security conference Insomni’hack !
With Splunk collaboration, we come back this year with “Splunk Boss Of The SOC” challenge.
Continue reading Splunk Boss Of The SOC (BOTS) @Insomni’hack
The Apiculture challenges are dedicated to API attacks. The second level basically looks like a webpage dedicated to beehives:
Continue reading Apiculture 2 write-up
The Apiculture challenges are dedicated to API attacks. It is basically a honey’s addict website:
Continue reading Apiculture 1 write-up
The GDBug file is an ELF binary:
Continue reading GDBug write-up
As SCRT’s blue teamers, we often deal with Security Operations Centers (SOCs). Being able to interact with many different SOCs for our consultancy service gives us the possibility to understand the main challenges a SOC faces and how to solve them.
Continue reading SOCs real-life challenges & solutions