Here is the report of the third and final day of the SSTIC 2014 edition.

THE social event Having been through it myself, this report is a little lighter 🙂

«"Development of an intermediate representation for concolic execution and data marking under Windows" – Sébastien Lecomte

Introducing FuzzWin, a tool for instrumenting binaries (intercepting system calls, instructions, etc.).

 

«"Python Code Obfuscation: Improving Existing Techniques" – Ninon Eyrolles & Serge Guelton

Introducing Python-pack, a packer that makes Python 2.7 code unreadable (permutation of the instruction set, addition of new opcodes, encryption of constant strings, transformation of if statements into while loops, automatic translation into pseudo-functional code, etc.).

 

«"DRM Deobfuscation via Side Attacks" – Camille Mougey & Francis Gabriel

Introducing pTra (Python TRace Analyser), a tool that facilitates the understanding of a DRM algorithm (constant detection to identify cryptographic algorithms, input/output analysis, data slicing, etc.).

 

«Example of strengthening the security of a critical infrastructure operator» – Victor Vuillard

Victor Vuillard works at EDF in the nuclear sector. He presented the specific characteristics of his field compared to more "conventional" environments. Mindsets differ: there is a strong focus on safety in the nuclear sector, facilitating the implementation of certain security policies. There are also similarities between the nuclear sector and cybersecurity: concepts of defense in depth, preventative measures, monitoring, and response.

 

Short presentation: "Securing dynamic resource management in the cloud: taking control of triggering automatic virtual machine migrations" – Haiming Zheng, Jalel Ben-Othman, Kahina Lazri, and Sylvie Laniepce

The DRS algorithm used by VMware to migrate virtual machines (VMs) has been studied, and an attack has been demonstrated. By abusing the resources consumed by one or more VMs, it is possible to force the migration of that VM(s). This allows for the compromise of resources across an entire cluster (permanent VM migration).

 

Short presentation: "RpcView: a tool for exploring and decompiling MS RPC" – Jean-Marie Borello, Jérémy Bouétard, Julien Boutet, and Yoanne Girardin

Starting from the observation that there is no equivalent to ProcessExplorer or ProcessHacker for RPCs, Jean-Marie Borello, Jérémy Bouétard, Julien Boutet and Yoanne Girardin developed a tool to decompile RPCs: Rpcview.

 

Short presentation: "Haka: a network and security-oriented language" – Kevin Denis, Mehdi Talbi, Paul Fariello, and Pierre Sylvain Desse

Haka is a language for defining security rules and performing protocol dissection. It is designed to be modular and allows for the easy definition of dissectors and filtering rules, as well as the modification or injection of network flows.

 

«Miasm Tutorial» – Fabrice Desclaux

Presentation of the new features added to Miasm since SSTIC 2012 through a demonstration (carried out at a particularly fast pace!).