Category Archives: Talks

Finding holes: Operation Emmental

Like Swiss Emmental cheese, online banking protections may be full of holes. Banks have been trying to prevent cyber crooks from accessing their customers’ online accounts for ages. They have, in fact, invented all sorts of methods to allow their … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Why .NET needs MACs and other serial(-ization) tales

What is the story behind Microsoft’s patches MS13-067 (SharePoint) and MS13-105 (Outlook Web Access)? What is really involved in a .NET ViewState and why did Microsoft disable the ability to turn off its integrity protection since ASP.NET version 4.5.2 (KB2905247)? … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Offline bruteforce attack on WiFi Protected Setup

Wi-Fi Protected Setup™ is an optional certification program based on technology designed to ease the setup of security-enabled Wi-Fi networks in home and small office environments. Wi-Fi Protected Setup supports methods (pushing a button, entering a PIN, or using NFC) … Continue reading

Posted in ASFWS 2014, Talks | 2 Comments

On the Security of the iCloud Keychain

iCloud Keychain is one of the latest additions to the family of iCloud services that was pitched by Apple. It is no doubt great for usability, but what about security? What kind of access does Apple have to your passwords stored … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Technical analysis of a Swiss hack

It is rare for a Swiss hacking case to make as many waves as the hacking of a TSR journalist this summer in the context of the Giroud affair. Without taking a position on the merits of the case, we will dissect in … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Exploiting Software Vulnerabilities on Windows 8

Over the past decade, Microsoft has added several security features to the Windows operating system in order to increase the cost of developing reliable exploits for attackers. Sadly, despite the tangible security improvements in the protection of their users, the … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

C++11 metaprogramming applied to software obfuscation

The C++ language and its siblings like C and Objective-C are among the most used languages today. Significant portions of operating systems like Windows, Linux, Mac OS X, iOS and Android are written in C and C++. There is … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Obfuscator: Reloaded

Software protection is a topic of growing importance, especially since the advent of ubiquitous and mobile computing (smartphones, tablets, etc.). Implementing effective measures against piracy and the illegal modification of software incurs a cost … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Warning Ahead: Security Storms are Brewing in Your JavaScript

JavaScript controls our lives – we use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have we ever properly considered the security state of this scripting language? Before dismissing the … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Technical surveillance measures: what does Swiss law allow?

Since Edward Snowden’s revelations, everyone has been worried about the protection of their privacy and wondering about the legal limits permitting surveillance and the means of defence available to citizens. We will see which means of surveillance are permitted in … Continue reading

Posted in ASFWS 2014, Talks

NORX - A Parallel and Scalable Authenticated Encryption Algorithm and First Round Candidate in CAESAR

In this talk, we first present the current status of CAESAR, the Competition for Authenticated Encryption: Security, Applicability, and Robustness, which started officially on March 15, 2014. This contest aims to identify a portfolio of authenticated ciphers, i.e. cryptographic primitives … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment

Using SonarQube for security testing

SonarQube is a tool that, at its core, is used to manage technical debt. Nevertheless, it offers various means of “managing” indicators that enable security-oriented static code analysis. During this presentation we will review, … Continue reading

Posted in ASFWS 2014, Talks | 1 Comment