Links to reports from other days:

• Day 1
• Day 2
• Day 3

MacOS X: System Integrity Protection (Nicolas RUFF)

•  Permanent link
•  Video of the presentation

The speaker presents SIP (System Integrity Protection) from macOS X, a security mechanism designed to limit user privileges. root : no access to the memory of signed Apple processes, no loading of unsigned kernel modules, read-only access to certain directories such as "/System", etc. The goal of SIP is to preserve the operating system against permanent loss of integrity.

Several security issues identified in SIP (some of which have reportedly been fixed since) are then reviewed: many unsigned drivers are present on a whitelist, some drivers have been signed with bugs allowing SIP to be bypassed, and "entitled" applications, like setuid binaries, grant application rights that the user is potentially not supposed to have…

 

Java Card security, Software and Combined attacks (Jean Dubreuil)

•  Permanent link
•  Full article
•  Video of the presentation

Two presentations on Java Cards followed one another. Jean Dubreuil began with a common introduction outlining how this type of chip works. The Java Card security model relies on two mechanisms:

• An offline mechanism: applications to be loaded into the card are checked via a ByteCode analyzer (BCV) and then signed by a trusted authority before being loaded into the card (CAP files); ;
• A compartmentalization mechanism integrated into the card (firewall) ensures that the application only accesses legitimate resources.

This is followed by a brief presentation of the different types of possible attacks: bypassing BCV, exploiting vulnerabilities in the JCVM (Java Card specialized JVM), or combined attacks where malicious code is hidden (therefore not detected by BCV) and executed by laser fault injection.

The first presentation assumes that BCV is secure and focuses on software vulnerabilities or combined attacks. Specifically presented are:

• A Java Card firewall bypass via a stack overflow
• A fault injection via laser to disrupt the chip's operation and force the execution of dead code

In conclusion, security mechanisms can be bypassed, and Java Cards (and more generally all smart cards) must be protected against software or combined attacks, even if Olivier Thomas's presentation "Evolution of Integrated Circuit Attack Techniques" the day before seemed to render many protection systems obsolete.

 

Fuzzing and Overflows in Java Card Smart Cards (Guillaume Bouffard and Julien Lancia)

•  Permanent link
•  Full article
•  Video of the presentation

This presentation focuses more specifically on the search for vulnerabilities within the BCV.

The presentation begins with fuzzing attacks: starting with a valid CAP file, evolutionary fuzzing is performed; successive mutations are introduced while attempting to preserve certain properties of the generated CAP files (array lengths, offsets, etc.). This step builds several CAP files that will be submitted to BCV (selection phase); those that are not valid are immediately discarded. Those that pass BCV tests will undergo another mutation phase, and so on. After two generations of mutations, a vulnerability within BCV is identified.

The presentation continues with overflow attacks which allow the arbitrary execution of native code on the map (the Social Event having already covered this, we invite you to consult the proceedings for more details).

 

Hardened Linux Kernels (Yves-Alexis Perez)

•  Permanent link
•  Full article
•  Slides
•  Video of the presentation

Yves-Alexis Perez presented techniques for hardening the Linux kernel to facilitate its installation and daily use. Even though the kernel is the central component of the operating system, it is frequently observed that the only modifications made are vulnerability patches, applied only after those vulnerabilities have been widely exploited. This approach is insufficient to ensure adequate system protection.

Several security features can be enabled by default when compiling a kernel, ensuring better isolation of processes, users, and different resources.

GRSecurity, for its part, is a security-oriented kernel patch that has been actively maintained for over 15 years. Yves-Alexis then detailed some of the features offered by GRSecurity.

 

White-box cryptography design: and in the end, Kerckhoffs wins (Charles Hubain and Philippe Teuwen)

•  Permanent link
•  Full article
•  Video of the presentation

"White-box" attacks are based on the assumption that attackers have total access to the hardware and can therefore use all possible and imaginable means, both physical and software, to extract sensitive data.

Therefore, there are cryptography implementation models designed to protect cryptographic secrets against this type of attack. However, all these "academic" models are only resistant to "academic" attacks.

The presentation therefore illustrates attacks and tools used to extract information from these implementations, such as execution traces. These execution traces allow the extraction of patterns identifying cryptographic implementations, or even Differential Power Analysis, which correlates power consumption with the Hamming weights of internal values.

 

Windows Error Reporting (Aurélien Bordes)

•  Permanent link
•  Video of the presentation

Windows Error Reporting (WER) is a technology introduced in Windows Vista that generates error logs when an application or operating system error occurs. This technology replaced Dr. Watson, which was introduced with Windows XP.

WER is notably used by Microsoft to centralize tens of millions of traces per day, the objective of which is:

• To quickly identify bugs that impact many systems (e.g., during KB installation); ;
• To detect cyberattacks (e.g. MS08-067).

Access to reports is available to third-party software vendors and hardware manufacturers via the Hardware Dev Center portal. It is also possible to configure workstations within a network to send reports to an internal corporate collector. Sending reports to an internal collector prevents information leaks and provides valuable information for detecting compromises (e.g., a crash of the "lsass" service on a domain controller at 2:00 AM).

A minimalist PHP server WER (https://github.com/aurel26/wer-server) is then presented by Aurélien Bordes. He centralizes in a database all the crashes reported by the park's stations and records all the error reports.

 

Bypassing DMA remapping with DMA (Benoît Morgan, Eric Alata, Guillaume Averlantn and Vincent Nicomette)

•  Permanent link
•  Full article
•  Slides
•  Video of the presentation

Benoît Morgan presented us with an attack on RAM via the PCIExpress bus bypassing the IOMMU protection (memory access manager).

The tool inception This allows reading/writing to any memory address (within the first 4 GB, with 32-bit addressing) via DMA access (e.g., a FireWire card connected to the PCI Express port). However, to counter this technique, the IOMMU module developed by Intel adds a layer of indirection by virtualizing the device address space through filtering and translation.

This protection module can, however, be bypassed. A malicious device connected to the motherboard will modify the context of elements in RAM to override the access restriction once the IOMMU module is loaded. Unrestricted read/write access is then possible.

In summary, if the computer has already booted with the IOMMU module loaded, it is not possible to arbitrarily access a memory area. To achieve this, a malicious device must be connected to the PICExpress port before booting.

 

Scapy in 15 minutes (Guillaume Valadon and Pierre Lalet)

•  Permanent link
•  Video of the presentation

The aim of this presentation is to introduce or reintroduce the Scapy network framework. The functions presented are:

• The ls() function, which allows you to list the fields of the packages
• The sr1() function allows you to send a packet and receive the response
• The srp() function sends a list of frames and returns the response
• Packages can be saved and read directly from a PCAP
• The sniff() function allows you to capture packets
• The multiplot() function allows you to plot curves to obtain a visual representation
• The canvas_dump() function displays a representation of the contents of a package
• Implementing a new protocol in a few lines
• The StreamSocket object allows Scapy to use a TCP socket
• Using scapy in responder mode: rather than sending a packet, we listen and react to what we receive in order to set up, for example, MITM attacks (the example given involved sending a WiFi ProbeResponse message for every ProbeRequest message received, with the objective of creating a fake network).

Regarding the upcoming commits, there will be:

• The integration of pipes allows for simple data transfer between interfaces.
• X.509 certificate support
• The ability to sign certificates
• BSD-derived operating systems will be supported natively, without external modules

 

Plaso & Timesketch (Romain Gayon)

•  Permanent link
•  Video of the presentation

This presentation introduces two open-source forensic tools: Plaso and Timesketch.

Plaso is used to parse normalized events from a disk image, creating a chronological event table and outputting it in various formats. This facilitates and accelerates an analyst's incident response work. Furthermore, Plaso allows hash verification on VirusTotal.

Timesketch allows you to visualize data, for example that extracted by Plaso, but by adding intelligence, with for example annotations of events, to have several timelines, to work collaboratively, etc.

These two tools allow users to correlate events, search a large number of logs, and classify alerts. Furthermore, at the end of an investigation, Timesketch provides a concise summary of all relevant information to facilitate report writing.

 

Dependency graphs: Little Thumb style (Aymeric Vincent, Camille Mougey, Caroline Leman, Fabrice Desclaux and Mathieu Blanc)

•  Permanent link
•  Full article
•  Video of the presentation

There are two ways to analyze data streams when reverse engineering a binary: influence analysis and dependency analysis. This presentation focuses on dependency analysis.

After a presentation of the state of the art, existing tools and their respective choices, the speakers indicated that the existing implementations did not meet or only partially met their expectations.

The approach adopted for their tool is as follows: the assembler is first translated into an intermediate language, then it uses an algorithm that follows the dependencies starting from a basic block and then proceeds by iteration to go back to the predecessors and thus follow the dependencies of the tracked variable.

The goal of the implemented algorithm is to refine the results as much as possible while having a fast response time.

 

Closing Conference (Karthikeyan Bhargavan)

The speaker leads the Prosecco team at INRIA, which focuses on secure programming in the context of cryptography.

This team has, among other things, created a TLS library called miTLS which has the distinction of being formally verified. This strict implementation of the RFCs and dedicated tooling led them to discover several vulnerabilities in the protocol and its implementations (for example, in the state machine of the Java TLS client which allowed an attacker, in a MITM position, to disable the encryption of communications without the client noticing).

The core of the presentation then focused on explaining several vulnerabilities they discovered (Freak, Sloth, Logjam).