Publications

systemd hardening made easy with SHH

07/11/2023 Introducing SHH, Systemd Hardening Helper, a tool written in Rust to automatically build a set of hardening options for a service using runtime profiling.

Introducing ntdissector, a swiss army knife for your NTDS.dit files

22/09/2023 This article tells our journey inside the ESE database and the NTDS features that led us to produce the ntdissector tool, suitable for offensive and defensive actions.

Captain Hook - How (not) to look for vulnerabilities in Java applications

19/01/2022 During my 6-months intership, I developed a tool to ease vunerability research on Java applications. I used several software and libraries, and faced a number of issues throughout the development of this tool, Captain Hook. This article describes Captain Hook's development process from the beginning along with its challenges.

Dissecting NTLM EPA with love & building a MitM proxy

14/01/2022 Why you never managed to connect to this fre*king NTLM EPA protected website and how to finally reach it.

Cracking Radmin Server 3 passwords

17/09/2021 Reverse-engineering a hashing mechanism and optimizing password cracking

Writing a (toy) symbolic interpreter, and solving challenges, part 4

30/07/2021 This is the last part of series, where we solve the challenge using our symbolic interpreter, and an external SMT solver. Huge success!

Writing a (toy) symbolic interpreter, and solving challenges, part 3

28/07/2021 In this installment, we turn the concrete interpreter into a symbolic interpreter. How exciting!

Writing a (toy) symbolic interpreter, and solving challenges, part 2

23/07/2021 In the second part of this series, we write a concrete interpreter for a subset of WebAssembly.

Writing a (toy) symbolic interpreter, and solving challenges, part 1

19/07/2021 Writing a symbolic interpreter, and wiring it to a solver in order to solve reverse engineering challenges (or other uses), might seem like a daunting task. Even simply using an existing symbolic interpretation framework is far from easy when one has no experience in it. This serie of articles will describe, throughout the summer, how such an engine is built, and showcase implementation tricks and some trade offs to be aware off. Do not worry, the interpreter will be kept as simple as possible though! In the end, we...

Unleash the dino: Time-based strategies to improve password cracking

23/12/2020 In this article we share technical details on how Kraqozorus automatically generates password cracking strategies that improve both the number of cracked hashes and time required to run the attacks.