Non-Compliant, So What?

As auditors, we sometimes struggle when trying to explain to our customers that it is always better to reach the maximum level of security, instead of the minimal required effort. It does not always help that we cryptographers are known to speak in the language of Mordor (we just call it mathematics) and live deep in a zero-knowledge cave. Introduction...

Thu Apr 25, 2024 17:55
Hydradancer: Faster USB Emulation for Facedancer

USB (Universal Serial Bus) is the current standard for connecting peripherals to devices. USB is used to connect keyboards, mice, printers, musical instruments, storage, cameras and pretty much everything to a device. This makes it the perfect target for security researchers with physical access to a USB port. While exchanging with USB peripherals...

Thu Apr 18, 2024 19:55
Passbolt: a bold use of HaveIBeenPwned

Introduction: In 2017, Troy Hunt introduced in a blog post a service to allow people to check if a password is already present among the 306 million leaked passwords from various breaches. Of course, it was not recommended to submit your real password or even a hash of it. The following year, Junade Ali from Cloudflare proposed a very...

Wed Apr 17, 2024 10:37
Reversing Windows Container, episode II: Silo to Server Silo

Introduction: In the previous article, Reversing Windows Container, episode I: Silo, we introduced the notion of Windows Containers, which are also called Server Silos. We have seen that Server Silos are a special kind of Silos and Silos are super Windows Job Objects. We took Docker as a practical test case to describe step by step the process of...

Wed Mar 27, 2024 00:35
Reversing Windows Container, part II: Silo to Server Silo

Introduction: In the previous article, Reversing Windows Container, episode I: Silo, we introduced the notion of Windows Containers, which are also called Server Silos. We have seen that Server Silos are a special kind of Silos and Silos are super Windows Job Objects. We took Docker as a practical test case to describe step by step the process of...

Tue Mar 26, 2024 19:03
Solving SandboxAQ's Post-Quantum Crypto CTF

Introduction: In March 2024, SandboxAQ proposed a capture-the-flag event composed of 4 challenges involving cryptography. More precisely, the goal was to test participants on their knowledge of post-quantum cryptography, where 3 out of the 4 challenges involved the CRYSTALS-Kyber key exchange mechanism, finalist of the NIST standardization competition. Challenge...

Fri Mar 22, 2024 19:22
