Statically encrypt strings in a binary with Keystone, LIEF and radare2/rizin
In our journey to try and make our payload fly under the radar of antivirus software, we wondered whether there was a simple way to encrypt all the strings in a binary without breaking anything. We did not find any satisfying solution in the literature, and the project looked like a fun coding exercise, so we decided it was worth a shot.
Automatically extracting static antivirus signatures
This blog post accompanies the talk we gave at Insomni’hack 2022. The source code as well as the slides can be found at:
https://github.com/scrt/avdebugger
Splunk Boss Of The SOC (BOTS) @Insomni’hack
It was a pleasure this year to meet you at the 2022 edition of our amazing security conference, Insomni’hack!
In collaboration with Splunk, we came back this year with the “Splunk Boss Of The SOC” challenge.
Continue reading Splunk Boss Of The SOC (BOTS) @Insomni’hackApiculture 2 write-up
The Apiculture challenges are dedicated to API attacks. The second level basically looks like a webpage dedicated to beehives:
Continue reading Apiculture 2 write-upApiculture 1 write-up
The Apiculture challenges are dedicated to API attacks. It is basically a honey’s addict website:
Continue reading Apiculture 1 write-upGDBug write-up
The GDBug file is an ELF binary:
SOCs real-life challenges & solutions
Introduction
As SCRT’s blue teamers, we often deal with Security Operations Centers (SOCs). Interacting with many different SOCs through our consultancy service allows us to understand the main challenges a SOC faces and how to solve them.
TPM sniffing
TL;DR: we reproduced Denis Andzakovic’s proof-of-concept showing that it is possible to read and write data from a BitLocker-protected device (for instance, a stolen laptop) by sniffing the TPM key from the LPC bus.
Internal security recommendations survey
During the first wave of Covid, with most people locked up at home, I wanted to engage with my colleagues in various departments here at SCRT by having them answer a simple survey. The survey related to what actions they would recommend and prioritize in order to secure the information system of a random company which had just received notification that a cyberattack was imminent.
Event Masker – 2021.08 Release
We are proud to announce a new release for Event Masker, with many productivity tweaks and significant enhancements.