{"id":228089,"date":"2017-06-13T18:01:09","date_gmt":"2017-06-13T16:01:09","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=3117"},"modified":"2017-06-13T18:01:09","modified_gmt":"2017-06-13T16:01:09","slug":"sstic-2017-deuxieme-journee","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/sstic-2017-deuxieme-journee\/","title":{"rendered":"SSTIC 2017 \u2013 Day Two"},"content":{"rendered":"<p>Links to reports from other days:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.intrinsec.com\/en\/2017\/06\/13\/sstic-2017-premiere-journee\/\">SSTIC 2017 \u2013 Day 1<\/a><\/li>\n<li>SSTIC 2017 \u2013 Day 2<\/li>\n<li><a href=\"https:\/\/www.intrinsec.com\/en\/2017\/06\/13\/sstic-2017-troisieme-journee\/\">SSTIC 2017 \u2013 Day 3<\/a><\/li>\n<\/ul>\n<h1>CrashOS: Searching for system vulnerabilities in hypervisors<\/h1>\n<p>Ana\u00efs Gantet (Airbus) presented us with an operating system, <a href=\"https:\/\/github.com\/airbus-seclab\/crashos\"><em>CrashOS<\/em><\/a> developed with the aim of searching for vulnerabilities present within hypervisors.<\/p>\n<p>This minimalist operating system, developed in C and assembly language, required two months of work and was primarily tested on two virtualization solutions: Ramooflax (developed internally at Airbus) and VMware. Tests covering the following aspects were written:<\/p>\n<ul>\n<li>access to physical memory; ;<\/li>\n<li>address translation mechanism; ;<\/li>\n<li>verification of rights in protected mode; ;<\/li>\n<li>managing the change in execution mode; ;<\/li>\n<li>communication with peripherals.<\/li>\n<\/ul>\n<p>When these tests reveal a vulnerability, it causes the virtual machine to crash, with an error message explaining the cause of the crash, allowing the vulnerability to be identified.<\/p>\n<p>Article and video: <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/crashos\/\">https:\/\/www.sstic.org\/2017\/presentation\/crashos\/<\/a><\/p>\n<h1>ProTIP: Know what to expect from your PCI Express devices<\/h1>\n<p>This presentation by Marion Daubignard and Yves-Alexis Perez (ANSSI) focuses on threats related to peripherals <em>PCI Express<\/em> malicious.<\/p>\n<p>After reminders about <em>PCI Express<\/em>, The presenters presented their tool. <a href=\"https:\/\/github.com\/ANSSI-FR\/ProTIP\"><em>ProTIP (Prolog Tester for Information Flow in PCIe networks)<\/em><\/a> which calculates the actual connectivity of one component to another. The goal is to detect which component has the right to communicate with other components and which component can have its packets accepted by other components. <em>ProTIP<\/em> is capable of generating traces describing these possible communications.<\/p>\n<p>Article and video: <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/protip\/\">https:\/\/www.sstic.org\/2017\/presentation\/protip\/<\/a><\/p>\n<h1>From Academia to real world: a practical guide to Hitag-2 RKE system analysis<\/h1>\n<p>In this conference, the four speakers (Chaouki Kasmi, Jos\u00e9 Lopes-Esteves, Mathieu Renard and Ryad Benadjila from ANSSI) aimed to highlight the vulnerabilities in the access control contained in certain types of car keys based on the algorithm <em>Hitag-2<\/em>. The speakers adopted the approach of a black box attacker, who therefore had no prior physical access to a vehicle or a key:<\/p>\n<ol>\n<li>radio frame capture and radio analysis; ;<\/li>\n<li>searching for the secret key; ;<\/li>\n<li>forging valid radio frames.<\/li>\n<\/ol>\n<p>The speakers reminded everyone of the protections put in place in the systems <em>RKE (Remote Keyless Entry)<\/em> of one-way communication between a key and a vehicle and presented the stream cipher algorithm <em>Hitag-2<\/em>, created by <em>Philips Semiconductors<\/em> in 1995 and having been <em>reversed<\/em> in 2007.<\/p>\n<p>After analyzing the implementation of <em>Hitag-2<\/em> Using a car key as a metaphor, the speakers were able to formalize the following conclusions:<\/p>\n<ul>\n<li>There are different implementations. <em>RKE Hitag-2<\/em> depending on the manufacturers; ;<\/li>\n<li>the cryptography in place is proprietary, obsolete and vulnerable, with no obligation to maintain its security; ;<\/li>\n<li>An attacker with only two frames could forge valid car opening frames.<\/li>\n<\/ul>\n<p>Article and video: <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/from_academia_to_real_world_a_practical_guide_to_hitag-2_rke_system_analysis\/\">https:\/\/www.sstic.org\/2017\/presentation\/from_academia_to_real_world_a_practical_guide_to_hitag-2_rke_system_analysis\/<\/a><\/p>\n<h1>From bottom to top: attacks on microarchitecture from a web browser<\/h1>\n<p>Cl\u00e9mentine Maurice (<em>Secure Systems<\/em> of <em>Graz University of Technology<\/em>, Austria) wanted to highlight attacks <em>\u00ab&quot;side-channel&quot;\u00bb<\/em> which originate from leaks of physical information.<\/p>\n<p>After a brief review of DRAM, the speaker presented her attack. <em>DRAMA (DRAM Addressing attacks)<\/em> on the <em>row buffers<\/em> of the DRAM, close to the attack <em><a href=\"https:\/\/googleprojectzero.blogspot.fr\/2015\/03\/exploiting-dram-rowhammer-bug-to-gain.html\">rowhammer<\/a><\/em>. The goal is to gain access to the victim&#039;s memory, which shares the same resources as the attacker:<\/p>\n<ul>\n<li>via a hidden channel: two processes that communicate with each other, even if they are not authorized to do so.<\/li>\n<li>via side channel: a malicious process spying on benign processes, such as keystrokes<\/li>\n<\/ul>\n<p>Cl\u00e9mentine presented her &quot;template&quot; attack to us:<\/p>\n<ol>\n<li>sharing a <em>row<\/em> of <em>buffer<\/em> with the victim; ;<\/li>\n<li>memory profiling and saving ratios <em>row hit<\/em> for each address<\/li>\n<\/ol>\n<p>We can therefore know precisely when the victim makes a keystroke. The speaker was thus able to implement her attack in JavaScript (which can therefore be incorporated into a web application), despite some complications to overcome:<\/p>\n<ul>\n<li>lack of knowledge of physical addresses; ;<\/li>\n<li>lack of instruction for <em>flush<\/em> the cache; ;<\/li>\n<li>absence of <em>timer<\/em> high resolution (to the nanosecond) in recent web browsers, which forced the team to build one.<\/li>\n<\/ul>\n<p>This presentation therefore highlighted potential information leaks due to the hardware, which can be exploited using a web browser despite the protections in place (no <em>timer<\/em> native high resolution). Countermeasures are complicated to implement without reducing the functionality or performance of the browser&#039;s JavaScript engine.<\/p>\n<p>Video : <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/2017_invite_1\/\">https:\/\/www.sstic.org\/2017\/presentation\/2017_invite_1\/<\/a><\/p>\n<h1>Binacle: &quot;full-bin&quot; indexing of binary files for searching and writing Yara signatures<\/h1>\n<p>After a few reminders about indexing <em>full-text<\/em>, Guillaume Jeanne (ANSSI) presented the objective of his tool <a href=\"https:\/\/github.com\/ANSSI-FR\/Binacle\">Binacle<\/a> (contraction of <em>\u00ab&quot;binary&quot;\u00bb<\/em> And <em>\u00ab&quot;oracle&quot;\u00bb<\/em>): Create a probabilistic database to directly index binary data from binary files. The primary application is malware analysis: identifying files that share code, identifying similar files, etc.<\/p>\n<p>Binacle, a tool written in Rust, relies on a hash table of n-grams. Each n-gram is associated with a list containing the identifiers of all documents that contain that n-gram.<\/p>\n<p>Guillaume was able to put his tool into practice to speed up scans. <a href=\"https:\/\/virustotal.github.io\/yara\/\">Yara<\/a> An initial scan is performed by Binacle, which will return a set of results on which the Yara scan will then be performed. Binacle can also help generate Yara rules.<\/p>\n<p>Article and video: <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/binacle_indexation_full-bin_de_fichiers_binaires\/\">https:\/\/www.sstic.org\/2017\/presentation\/binacle_indexation_full-bin_de_fichiers_binaires\/<\/a><\/p>\n<h1>YaCo: Collaborative Reverse Engineering<\/h1>\n<p><a href=\"https:\/\/github.com\/DGA-MI-SSI\/YaCo\"><em>YaCo (Yes Another Collaborative Tool)<\/em><\/a> YaCo is a plugin for the IDA software that allows users to collaborate on the same project within IDA. For example, YaCo manages function name changes and comment modifications. The authors (Beno\u00eet Amiaux, Fr\u00e9d\u00e9ric Grelot, J\u00e9r\u00e9my Bou\u00e9tard, Martin Tourneboeuf, and Valerian Comiti from DGA-MI) explain that the plugin is based on the Git version control system. Each user works on a local copy of the project, and each change is versioned and then propagated to the local copies of other users. A conflict management feature is also available.<\/p>\n<p>Video : <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/YaCo\/\">https:\/\/www.sstic.org\/2017\/presentation\/YaCo\/<\/a><\/p>\n<h1>Sibyl: divination function<\/h1>\n<p>Camille Mougey (CEA) presented the tool <a href=\"https:\/\/github.com\/cea-sec\/Sibyl\">Sibyl<\/a>, Based on MIASM2, this tool identifies libraries used in malicious code. The approach differs from traditional static analysis by focusing on function inputs and outputs. Specifically, the tool identifies a function at a given address.<\/p>\n<p>The entire process is then executed in a sandbox with standard parameters. If the output is correct, the function has been correctly identified. Otherwise, the analysis crashes or the outputs diverge.<\/p>\n<p>Video : <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/sibyl__function_divination\/\">https:\/\/www.sstic.org\/2017\/presentation\/sibyl__function_divination\/<\/a><\/p>\n<h1>Breaking Samsung Galaxy Secure Boot through Download mode<\/h1>\n<p>Fr\u00e9d\u00e9ric Basse explained the exploitation of a bug in Galaxy phones allowing the NAND memory of the device to be recovered using an empty SD card.<\/p>\n<p>It should be noted that this attack is difficult to detect, given that the Knox guarantee bit is not modified.<\/p>\n<p>Article and video: <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/attacking_samsung_secure_boot\/\">https:\/\/www.sstic.org\/2017\/presentation\/attacking_samsung_secure_boot\/<\/a><\/p>\n<h1>Oops, your election has been hacked\u2026 (Or not)<\/h1>\n<p>Martin Untersinger, a journalist for Le Monde, discussed the cyberattacks observed around the time of the presidential elections worldwide, with a particular focus on the United States. The message conveyed clearly demonstrates that attributing such attacks goes far beyond purely technical considerations, revealing geopolitical factors at play.<\/p>\n<p>He explained that the stance taken by US government agencies (FBI\/CIA\/NSA) on the attribution and disclosure of reports is a historic first. Indeed, acknowledging an attack on a government can undermine the democratic process and do more harm than good, according to Martin.<\/p>\n<p>For the speaker, major questions arise that are slowing down the investigative work:<br \/>\n\u2013 Should we publish documents based on their impact?<br \/>\n\u2013 Are the documents authentic or altered?<br \/>\n\u2013 Should we ignore the information or potentially participate in disinformation?<\/p>\n<p>The conclusion reached is that the political layer superimposed on a technical aspect that is relatively difficult for the uninitiated now represents a Herculean task. It is absolutely essential for the speaker to provide proper context and implement safeguards when handling this type of information.<\/p>\n<p>Article and video: <a href=\"https:\/\/www.sstic.org\/2017\/presentation\/oups_votre_election_a_ete_piratee\/\">https:\/\/www.sstic.org\/2017\/presentation\/oups_votre_election_a_ete_piratee\/<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Links to the reports from the other days: SSTIC 2017 \u2013 Day 1 SSTIC 2017 [\u2026]<\/p>","protected":false},"author":1,"featured_media":3115,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,19],"tags":[],"class_list":["post-228089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-evaluation-securite","category-soc-securite-operationnelle"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SSTIC 2017 - deuxi\u00e8me journ\u00e9e - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/sstic-2017-deuxieme-journee\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSTIC 2017 - deuxi\u00e8me journ\u00e9e\" \/>\n<meta property=\"og:description\" content=\"Liens vers les compte-rendus des autres jours : SSTIC 2017 &#8211; jour 1 SSTIC 2017 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/sstic-2017-deuxieme-journee\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-13T16:01:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/05\/placeholder.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Intrinsec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Intrinsec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/\"},\"author\":{\"name\":\"Intrinsec\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\"},\"headline\":\"SSTIC 2017 &#8211; deuxi\u00e8me journ\u00e9e\",\"datePublished\":\"2017-06-13T16:01:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/\"},\"wordCount\":1615,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/placeholder.png\",\"articleSection\":[\"S\u00e9curit\u00e9 offensive &amp; Audit\",\"SOC S\u00e9curit\u00e9 Op\u00e9rationnelle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/\",\"name\":\"SSTIC 2017 - deuxi\u00e8me journ\u00e9e - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/placeholder.png\",\"datePublished\":\"2017-06-13T16:01:09+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/placeholder.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/placeholder.png\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/sstic-2017-deuxieme-journee\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SSTIC 2017 &#8211; deuxi\u00e8me journ\u00e9e\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\",\"name\":\"Intrinsec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"caption\":\"Intrinsec\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/ufhtbqccsz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SSTIC 2017 - Day Two - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/sstic-2017-deuxieme-journee\/","og_locale":"en_US","og_type":"article","og_title":"SSTIC 2017 - deuxi\u00e8me journ\u00e9e","og_description":"Liens vers les compte-rendus des autres jours : SSTIC 2017 &#8211; jour 1 SSTIC 2017 [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/sstic-2017-deuxieme-journee\/","og_site_name":"INTRINSEC","article_published_time":"2017-06-13T16:01:09+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/05\/placeholder.png","type":"image\/png"}],"author":"Intrinsec","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Intrinsec","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/"},"author":{"name":"Intrinsec","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799"},"headline":"SSTIC 2017 &#8211; deuxi\u00e8me journ\u00e9e","datePublished":"2017-06-13T16:01:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/"},"wordCount":1615,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/05\/placeholder.png","articleSection":["S\u00e9curit\u00e9 offensive &amp; Audit","SOC S\u00e9curit\u00e9 Op\u00e9rationnelle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/","url":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/","name":"SSTIC 2017 - Day Two - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/05\/placeholder.png","datePublished":"2017-06-13T16:01:09+00:00","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#primaryimage","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/05\/placeholder.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/05\/placeholder.png","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/sstic-2017-deuxieme-journee\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"SSTIC 2017 &#8211; deuxi\u00e8me journ\u00e9e"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799","name":"Intrinsic","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","caption":"Intrinsec"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/ufhtbqccsz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=228089"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/228089\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media\/3115"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=228089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=228089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=228089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}