Fragscapy: Fuzzing protocols to evade firewalls and IDS
Fragscapy is a tool that aims at detecting flaws in firewall and IDS by fuzzing the network messages sent through it. This open source project is available at [Amossys’ Github]
MemITM, a memory fuzzer/sniffer
The MemITM tool has been developped in order to allow intercepting really easily « messages » in Windows processes memory.
Portable Executable format, compilation timestamps and /Brepro flag
Portable Executable binaries embed timestamps stored by the compiler, which may in some cases appear inconsistent.
Threat Hunting (Recherche de compromissions)
La recherche de compromissions (ou Threat Hunting pour les anglophones) consiste basiquement à rechercher sur un système d’information a priori sain si une présence […]
BADFLICK is not so bad!
We present here an in-depth analysis of the BADFLICK backdoor, which is used by the TEMP.Periscope group also known as « Leviathan ».
The Windows 10 TH2 INT 2E mystery
Since Windows 10 TH2, NTDLL’s syscall routines have changed: syscalls can now be performed with the `SYSCALL` instruction, and with the `INT 2E` old one.
DIMCT
We developped a small tool, « DIMCT » which simply allows tracing inter module calls, without a too big overhead.
Teampass < 2.1.27.9 multiple vulnerabilities
As part of its evaluation centre work, Amossys led a security review of Teampass 2.1.27.8. Multiple security vulnerabilities were found, and here are the CVE publications.
BreizhCTF 2k17 Write-Ups
Amossys was a sponsor of the [BreizhCTF 2k17](http://www.breizhctf.com/), a French hacking competition over a single night (April 28-29th).
Virtualization Based Security – Part 2: kernel communications
This blog post is a second article covering Virtualization Based Security and Device Guard features.