Our latest papers and tools
- PacSec 2009. Eric Filiol: Analysis of Word and Excel Encryption slides and the Japanese version. Tools and source code soon available.
- Hack.LU 2009. Eric Filiol (Rescue Keynote): Analysis of Word and Excel Encryption slides.
- Hack.lu 2009. Eddy Deligne and Eric Filiol: Perseus - A Firefox Plug-in to Fight Botnets... and many Other Things.
Here is the Perseus webpage.
- Hack.lu 2009. Adrien Derock: HVM Virtual Machine Monitor, A Powerful Concept for Forensic and Anti-Forensic slides.
- Hack.lu 2009. Anthony Desnos: Implementation of K-ary viruses in Python slides.
- EICAR 2009, Grégoire Jacob, JavaScript and VisualBasicScript Threats: Different scripting languages for different malicious purposes slides.
- EICAR 2009, Anthony Desnos, Live Memory Forensics slides.
- EICAR 2009, Anthony Desnos, Detection of a HVM rootkit (aka BluePill-like) slides paper.
- Slides of Eric Filiol's talk at FIC 2009 (http://www.fic2009.fr/fr/php/accueil.html) in Lille. This talk is detailed in two articles: one published in the Revue de Défense Nationale, March 2009 issue, pp. 74--86 (the part devoted to cyber attacks targeting military targets or operations); the other will be published in the proceedings of the ECIW 2009 conference (http://www.academic-conferences.org/eciw/eciw2009/eciw09-timetable.htm) in Lisbon in July 2009, where the case of cyber attacks against national civilian targets is presented. The article is available here and the FIC 2009 slides are there.
- PDF Structazer This tool makes it possible to analyze PDF documents at the PDF code level and to manipulate every single PDF object in the document. A PDF can then be programmed as one would program in any other programming language (however, this version works in non-WYSIWYG mode due to legal restrictions in France).
- Draugr Live memory forensics (Linux (symbols, process)), Old Homepage New Homepage
- Istari (POC) Loading of remote Python code (all in memory), syscall proxy, userland rootkit ... more information
PWN2KILL Antivirus Attack Challenge
January 11th, 2010 - Rules of the second antivirus attack challenge (PWN2KILL) which will be organized during the iAWACS 2010 conference
are available on the conference website.
Computer Security Seminar at ESIEA Laval
15 Dec 2009 - Invited talk given by Christopher Kruegel (University of California, Santa Barbara (UCSB), USA). ESIEA Laval, Room 115, at 9:00 AM.
Title: FIRE - Finding Rogue Networks. The abstract and the slides of the talk are available here.
PhD Viva
14 Dec 2009 - PhD Viva of Grégoire Jacob (Laboratoire (C + V)
Title of the PhD Thesis: Malware Behavioral Models: bridging abstract and operational virology. The abstract of the thesis is
available here.
Prix Sésame "Best Software"
7 Dec 2009 - During the Digital Security and Smart Technologies Event, which took place in Paris from November 16th to November 19th, 2009, Vincent Guyot (ESIEA SI&S/LIP6 team) and the T2TIT team won the Sésame "Best Software" Award. More info on the Sésame Awards website.
Perseus Module for Windows
29 Nov 2009 - The Firefox Perseus module for Windows is available on the Perseus official webpage.
Hack.lu Crypto Challenge
The Hack.lu crypto challenge organized by E. Filiol and A. Desnos is now over. Winners are Claus Overbeck and Alexandre Neumann from the Redteam company. Congratulations to the brilliant winners since the challenge was really hard.
(C + V)O and Pacsec 2009 in Tokyo
The (C + V)O lab will give a talk at PACSEC 2009 in Tokyo.
ECIW 2010
The ECIW 2010 conference (European Conference on Information Warfare and Security) will take place in Greece on July 1st and 2nd, 2010. ESIEA is chairing a mini track whose subject is: Technical Intelligence gathering and Counterfeiting. The CFP is available here.
ARNUM Laboratory
Book direction and feature from Claire Leroux at the "Publications de la Sorbonne" (philosophy of the arts section) Cover
IAWACS 2009 !! (First Edition)
List of accepted papers and talks; the final program will be published later:
- Xavier Carcelle - Security overview and vulnerabilities of PLC technologies
- Philippe Langlois & Eugene Parkinson - Fully-Automated Wireless Security Audit Platform on Embedded Hardware
- Leonardo Nve Egea - Playing in a Satellite environment 1.2
- Erwan Abgrall - Oracle: A new hop
- Mahmoud Maqableh & Stefan Dantchev - Cryptanalysis of Chaos-Based Hash Function (CBHF)
- Robert Erra & Eric Filiol - Processor-dependent malware
- Benjamin Caillat - WiShMaster - Windows Shellcode MASTERy... reloaded (tutorial with technical practice)
- Robert Erra & Christophe Grenier - How to choose RSA keys? (Past, Present and Future)
- Anthony Desnos - Organizer of the PWN2RM Challenge
CVO + SIS @ HACK.LU
Éric Filiol and Eddy Deligne (CVO team) will give a talk at the Hack.lu Conference (October 28th-30th, 2009) whose topic is: "PERSEUS: A Coding Theory-based Firefox Plug-in to Counter Botnet Activity".
Anthony Desnos from the SI&S team will also give a talk: "Implementation of K-ary Viruses in Python".
Eric Filiol will organize the crypto challenge. See the crypto Challenge Page for more details.
See you soon @ Hack.lu !
CVO @ BRUCON
Éric Filiol will give a talk at BRUCON (September 18th-19th, 2009) on the following subject: "How to prepare, coordinate and conduct a cyber attack"
Abstract: This talk intends to present how a true cyberattack could be planned and launched from a military perspective but with the technical aspects in mind. The aim is to explain why the common definition of cyber attack is totally wrong and to show what a rogue group or a rogue nation could really do. Our approach is based on NATO InfoOps techniques, military doctrines and computer attack techniques. A number of examples will be given to illustrate the talk.
Slides of the talk are here. Follow Brucon news on Twitter.
ATIS and Faucon Noir @ DEFCON 17
The ATIS team and Faucon Noir are in Las Vegas at DefCon 17 to present their recent results on military mini-drones. Everything is going well for them. Here is some live feedback: slides, conference photos. A huge success indeed!!!
The Fermat factorization method revisited
Paper by Robert Erra and Christophe Grenier on an improvement of an RSA attack. The paper is available on eprint.
Defcon + ATIS !
The ATIS team will present its recent results on hacking the electronics of low-cost cameras at DefCon 17 (Las Vegas, USA), in order to transform them into devices with high-performance (military-level) photographic capabilities, and on their use in military mini-drones for surveillance purposes (among many other possible uses...). The conference website is here: http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Gademer.
NEWS ESIEA RECHERCHE (latest papers)
EICAR 2009, Grégoire Jacob, JavaScript and VisualBasicScript Threats: Different scripting languages for different malicious purposes slides.
EICAR 2009, Anthony Desnos, Live Memory Forensics slides.
EICAR 2009, Anthony Desnos, Detection of a HVM rootkit (aka BluePill-like) slides paper.
Slides of Eric Filiol's talk at the FIC 2009 (http://www.fic2009.fr/fr/php/accueil.html) in Lille, France. This talk has been developed in two papers: the first one has been published in the Revue de Défense Nationale (National Defense Journal), March 2009 Issue, pp. 74--86 (this part is devoted to cyberattacks targeting military assets or operations), while the second has been presented at the ECIW 2009 event (http://www.academic-conferences.org/eciw/eciw2009/eciw09-timetable.htm) in Lisbon, Portugal, in July 2009. In this second part, the case of cyberattacks against national, civilian targets is addressed. The ECIW 2009 paper is available here and the FIC 2009 slides are there.
NEWS ESIEA RECHERCHE (latest tools)
PDF Structazer This tool makes it possible to analyze PDF documents at the PDF code level and to manipulate every single PDF object in the document. A PDF can then be programmed as one would program in any other programming language (however, this version works in non-WYSIWYG mode due to legal restrictions in France).
Draugr Live memory forensics (Linux (symbols, process)).
NEWS ESIEA RECHERCHE (pôle RVSE)
The
Misc 42/43
The source code (for hypervisor detection) from Misc magazine 42/43 has been released.
iAWACS 2009
iAWACS 2009 conference in Laval (Mayenne)