ESGI Security Day 2016: "InjectMe: When Your Browser Becomes Your Enemy" conference and CTF

Intrinsec was present on Thursday, March 3, 2016 for the fourth edition of ESGI's Security Day.

We were present firstly on the conference side, with our security consultant Adrien Moutard who spoke on the topic "InjectMe: When your browser becomes your enemy".

He initially unveiled his research on code injection, and more specifically DLL injection, as well as the "Injectme" tool developed for the occasion.

Next, the "DllGrabber" DLL was presented; it allows, just like banking malware, the theft of identifiers entered in the browser by setting up hooks on key functions.

The slides and demonstration videos are available here: https://bitbucket.org/C4t0ps1s/presentation/src/master/Presentation%20Security%20Day%20HackLab%20ESGI%202016-03-03/?at=master
The source code for the tools is available here:

• Inject: https://bitbucket.org/C4t0ps1s/injectme
• DllGrabber: https://bitbucket.org/C4t0ps1s/dllgrabber

 

We were also present on the recruitment side, of course. If you missed the opportunity, you can still contact us.

Come to the #SecurityDay of the’@ESGI !! We're going to talk to you about our passion 🙂 @HacklabESGI @Intrinsec_Secu pic.twitter.com/PnY9T5eAUM

— Sira-Charlotte C. (@sc_carrere) March 3, 2016

 

Finally, four Intrinsec consultants remained to participate in the CTF in the team that finished second at the end of this night of close competition!

We thank the ESGI HackLab for the organization of this long day.