by RSS Axelle Apvrille  |  Jul 04, 2017  |  Filed in: Industry Trends

This blog post is a summary of SSTIC, a major infosec conference held in France. As usual, this year’s conference came with excellent presentations. The sessions have been recorded, and the papers are available on the website, although most of the content is in French.

For a detailed wrap-up of SSTIC, please read @xme:

SSTIC is one of the few IT conferences which (1) ask authors to submit full papers, (2) from which you return with information or tools to work on, and (3) whose presentations are mostly in LaTeX ;)

Concerning the first point, I like to read papers during or after a conference to check out details, because you always miss some points in a presentation. As for the second point, there are many conferences where talks are like entertaining movies: you watch them, say "wow", laugh, etc. . . . but when you get back home, you realize you don't exactly know how they did what they demonstrated, or that this or that point was missing, etc., and two days later you forget all about it. SSTIC presentations, on the other hand, are perhaps more difficult to follow, but I believe their longevity is much better.

Technical Presentations

Allow me to summarize SSTIC with a table. The ratings are my own opinion: all the talks were really good, but how much I liked one obviously depended on my interest in the field. For more details, please read the SSTIC wrap-up or visit the SSTIC website.

Title

Code

My rating

Comments

OVH

 

2/5

 

Does not explain how VAC really works

OS Hardening with systemd

 

4/5

 

Many features I didn't know existed, e.g. system call filtering

Landlock sandboxing in Linux

not sure usable yet

3/5

 

Uncertain of motivation for this compared to Docker or LXC

Static Analysis and Runtime-Assertion Checking: Contribution to Security Counter-Measures

 

4/5

 

Methodology, named CURSOR, to analyze security of code. Uses Frama-C and E-ACSL. A bit difficult to use?

BinCAT: purrfecting binary static analysis

github

5/5

 

Abstract interpretation of x86 executables, implemented as an IDA Pro plugin. A pity it requires IDA Pro 6.9 as I have 6.8 ;)

Binary de-obfuscation: reconstructing virtual functions

github

5/5

 

Method to defeat virtualization-based obfuscation, by tainting input/output of virtualized functions. I'd like a tool for this...

Writing parsers like it is 2017

 

3/5

 

Okay, maybe I should have a look at Rust ;)

Caradoc PDF parser

github

3/5

 

Nice tool, but what's the difference between this and tools such as pdf-parser?

CrashOS

github

4/5

 

A binary that installs on the boot partition and tests hypervisors.

ProTIP: You Should Know What To Expect From Your Peripherals

github

3/5

 

I'd like a demo - seems a bit difficult to use

From academia to real world: a practical guide to Hitag-2 RKE system analysis

 

5/5

 

Mostly a confirmation that academic attacks on Remote Keyless Entry systems for car locking work in practice (with some additional tweaks). Interesting applied security.

Attacking microarchitectures from a web browser

 

5/5

 

I would have loved a demo

Binacle: full binary indexing

github

5/5

 

Binary search. Binaries are inserted in a database, cut into n-grams where n-grams are the smallest binary pattern unit (size to customize). Very useful. Make sure to install a recent version of cargo (rust package manager). Beware, the database gets huge quickly.

YaCo : collaborative reverse engineering

github

5/5

 

IDA Pro plugin to work with colleagues on a sample. I'm not a fan of solutions where the work gets committed to a git repository, but it's an idea.

Breaking Samsung Galaxy Secure Boot through Download mode

 

3/5

 

It's amusing that all this work started with a YouTube video!

Your elections have been hacked (or not)

 

3/5

 

The conclusion is that we don't know much, either side

Deploying TLS 1.3

 

4/5

 

Reduces the number of packets to establish a session + Perfect Forward Secrecy

DroneJack: Kiss your drones goodbye !

 

3/5

 

Forbids drones in a given sector by attacking their wifi. Interesting but limited to open wifis

Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone

 

3/5

 

Tracked with your phones...

Reverse engineering of connected toothbrush

github

5/5

 

Lol (guess whose session this was?) ;)

TV5Monde attack

 

3/5

 

To be honest, it's difficult to follow a talk after your own

Screenshots

 

The image above shows caradoc analyzing one of SSTIC's submissions. ;) This is the interactive mode.

 

This is my own tool to remotely control a smart toothbrush.

I've used binnacle, above, for several Android malware samples. I can indeed quickly find out which ones call getSubscriberId to retrieve the IMSI.

Interesting!

-- the Crypto Girl

by RSS Axelle Apvrille  |  Jul 04, 2017  |  Filed in: Industry Trends