Publications

seccomp-nurse: sandboxing environment

Introduction and release of seccomp-nurse, a new sandboxing method based on SECCOMP. It is designed to run applications in a kind of jail (enforced by the kernel). It does not use ptrace() at all and does not suffer from common flaws of systrace-like projects.
slides

Playing with ptrace() for fun and profit

ptrace is one of the least documented and most obscure syscalls available on Linux. The SunOS man page even describes ptrace() as "unique and arcane", and this is partly right. This report presents ptrace's undocumented features, why these options are interesting and how to use them when injecting code into processes. Finally, we present multiple use cases based on ptrace(), including one showing an evasion attack against the application firewall NuFW.
slides
paper
SSTIC, , France.

VoIP security: audit of a blackbox environment

We present a blackbox audit of a Cisco VoIP network where we targeted the end-point devices and the protocols involved (SCCP, CDP, TCP/IP stack). This report shows our methodology, the tools implemented for the audit, protocol reverse engineering, binary analysis and, finally, some abnormal behaviors encountered.
slides

ilty, I'm listening to you!

This talk presents a Cisco VoIP network: its architecture, the protocols involved and the different devices. At that time, no documentation was available and the SCCP protocol had to be reverse-engineered in order to implement a call interception system, named ilty. The last part of the report covers the hardening measures available and their limits.
slides
paper