This year I again participated in the Insomni'hack conference held in Geneva, Switzerland. The conference started off with workshops, including mine on Android malware reversing - provided at cost. The workshop's virtual environment for reversing can be downloaded here from github. [Read More]
by RSS Axelle Apvrille  |  Apr 02, 2017  |  Filed in: Industry Trends & News
Codegate CTF is an annual global white hat hacking competition held annually in Seoul, South Korea since 2008. This year, I participated Codegate CTF Final competition as a member of CLGT-Meepwn, a CTF team consisting of vnsecurity.net's members and students from local university in Vietnam. My teammates and I qualified as “Senior Competition” finalists (there is another “Junior Competition” category for students) after competing against hundreds of teams from more than 70 countries around the world during a 48-hour... [Read More]
by RSS Tony Loi  |  May 10, 2016  |  Filed in: Industry Trends & News
Insomni'hack's CTF included iOS challenges, but also an Android challenge in two parts. The write-up of part 1 of the Android challenge can be found on SCRT's blog. It is quite complicated, but in the end, we get a decrypted filesystem with the flag for part 1, and an Android application to investigate for part 2 (download) 87f10242d7662a9cf8158bd85e4a17df9279a961f1d2a2e469cfd1be5501bfa1 ch.scrt.insomnidroid-1.apk According to the text of part 2, we are meant to find a way to buy movies without paying. The applications launches... [Read More]
by RSS Axelle Apvrille  |  Apr 04, 2015  |  Filed in: Security Research
Insomni'hack's CTF included a couple of mobile challenges I was happy to look into. All could be solved with or without a mobile phone. iBadMovie part 1 We are given a zip file which contains an iOS application and 'a copy of folders on the device' (iExplorer path):   39836648 2015-03-07 00:26 iBadMovie.ipa 0 2015-03-12 15:12 iExplorer/ 0 2015-03-12 15:12 iExplorer/Documents/ 0 2015-03-12 15:12 iExplorer/Library/ 0 2015-03-12 15:12 iExplorer/Library/Caches/... [Read More]
by RSS Axelle Apvrille  |  Mar 26, 2015  |  Filed in: Security Research
This year, I participated to Insomni'hack's CTF with the 3 other (remote) members of the pic0wn team. I'll address the challenges I personally solved in the next few posts: this post concerns a Web and a Forensic challenge, next post concerns iOS challenges. You'll see for yourselves that some challenges were really easy. To be perfectly honest, I found that some challenges were really _too_ easy, but the organizers' idea was that everyone should have fun, and I certainly agree with this, so after all... Alert: the following... [Read More]
by RSS Axelle Apvrille  |  Mar 25, 2015  |  Filed in: Security Research
This year again, I was happy to participate to Insomni'hack, in Geneva. As in all other editions, questions at the end of my Symbian / Android talks had invariably been 'are there malware on iOS?', I decided it was time I specifically addressed the question. I think I made my point that malware for iOS do exist, even on non jailbroken phones, but they are rare. And the latest PawnStorm iOS malware we reversed (live during the talk ;) has something strange about it: partially works on stock iPhone but looks like it was implemented... [Read More]
by RSS Axelle Apvrille  |  Mar 23, 2015  |  Filed in: Security Research
The main issue with Hack.Lu this year was that there were too many interesting things in parallel: interesting talks, workshops, CTF... :) Talks 19 year old Filippo Valsorda talked about the setup of https://filippo.io/Heartbleed/ (heartbleed testing website) and his surprise at how many requests the website got. Several end-users also misunderstood the site and thought he would fix the issue, not just say if vulnerable. Attila Marosi presented his reverse engineering of some leaked Android FinSpy spyware. His tools to run a fake FinFisher server... [Read More]
by RSS Axelle Apvrille  |  Nov 10, 2014  |  Filed in: Security Research
This year, I was happy to speak at Hack.lu on hiding and revealing code inside DEX executables (slides and paper to be posted soon). The conference also traditionally hosts a CTF to which I participated in this year with two other friends. Several write-ups are already available for that CTF at https://pads.ccc.de/tZxDNFlp19. I'll add to the list a write-up for the RoboAuth challenge. Actually, the text of the challenge does not say anything interesting apart that we are to download this executable: https://ctf.fluxfingers.net/static/downloads/roboauth/RoboAuth.exe and... [Read More]
by RSS Axelle Apvrille  |  Oct 28, 2013  |  Filed in: Security Research