Latest News
I am just back from SSTIC 2017, where I presented the reverse engineering of a connected toothbrush.

Peer-Reviewed Journals

• A. Apvrille, L .Apvrille, SherlockDroid: a Research Assistant to Spot Unknown Malware in Android Marketplaces, Journal in Computer Virology and Hacking Techniques, vol. 11, no. 39, pages 1-11, 2015. [paper]. The final publication is available at Springer via DOI: [http://dx.doi.org/10.1007/s11416-015-0245-z]
• A. Apvrille, T. Strazzere, Reducing the window of opportunity for Android malware Gotta catch'em all, Journal in Computer Virology, 2012, DOI: 10.1007/s11416-012-0162-3
• A. Apvrille, Symbian worm Yxes: towards mobile botnets?, Journal in Computer Virology, 2012, DOI: 10.1007/s11416-012-0163-2
• L. Apvrille, P. de Saqui-Sannes, R. Pacalet et A. Apvrille, Un environnement de conception de systèmes distribués basé sur UML, Annals of Telecommunications, Vol. 61, n 11/12, pp. 1347-1368, Nov. 2006 [Abstract]
• A. Apvrille, M. Pourzandi, Secure Software Development by Example, IEEE Security & Privacy, vol. 3, no. 4, July/August, 2005, pp. 10-17. [Link]
• A. Apvrille, M. Pourzandi, XML Distributed Security Policy for Clusters, Computers & Security Journal (COSE91), Elsevier, vol. 23, no. 8, pp 649-658, December 2004 - [Abstract]

Academic, Peer-Reviewed Conferences

• A. Apvrille, Ingénierie inverse d'une brosse à dents connectée, Symposium sur la sécurité des technologies de l'information et des communications (SSTIC), Rennes, 7-9 juin 2017 [paper][video]
• L. Apvrille, A. Apvrille, Identifying Unknown Android Malware with Feature Extractions and Classification Techniques, IEEE TrustCom, Helsinki, Finland, 20-22 August 2015 [see here]
• L. Apvrille, A. Apvrille, Pre-filtering Mobile Malware with Heuristic Techniques, GreHack, Grenoble, France, November 2013 [paper] [slides]
• A. Apvrille, T. Strazzere, Reducing the Window of Opportunity for Android Malware, in Proceedings of the 21st EICAR Annual Conference, pp. 131-149, Lisbon, Portugal, May 7-8, 2012 [paper] [slides].
• A. Apvrille, J. Zhang, Four Malware and a Funeral, in Proceedings of 5th Conf. on Network Architectures and Information Systems Security (SAR-SSI), Menton, France, May 18-21, 2010.
• A. Apvrille, Symbian Worm Yxes: Towards Mobile Botnets?, in Proceedings of the 19th EICAR Annual Conference, pp. 31-54, Paris, France, May 8-11, 2010 (Best Paper Award) [paper][slides]
• L. Apvrille, P. de Saqui-Sannes, A. Apvrille, Une méthodologie de conception des systèmes distribués basée sur UML, Actes de la 5ème conférence sur les nouvelles technologies de la répartition (NOTERE'05), p 217-214, Gatineau, QC, Canada, 29 août - 1er septembre 2005.
• A. Apvrille, D. Gordon, S. Hallyn, M. Pourzandi, V. Roy, DigSig: Runtime Authentication of Binaries at the Kernel Level, in the Proceedings of the 18th Large Installation System Administration Conference (LISA'04), pp. 59-66, Atlanta, November 14-19 2004 [Link].
• M. Pourzandi, A. Apvrille, E. Gingras, A. Medenou, D. Gordon, Distributed Access Control for Carrier Class Clusters, Parallel and Distributed Processing Techniques and Applications (PDPTA'03) conference, Las Vegas, June 2003.
• A. Apvrille, J. Hughes, V. Girier,Streamed or Detached Triple Integrity for a Time Stamped Secure Storage System, First International IEEE Security in Storage Workshop (SISW'2002), Greenbelt, Maryland, USA, December 2002, [pdf]
• A. Apvrille, V. Girier, XML Security Time Stamping Protocol, Information Security Solutions Europe conference (ISSE'02), Paris, October 2002, [pdf].
• A. Apvrille, J. Hughes, A Time Stamped Virtual WORM System, SEcurité de la Communication ur Internet workshop (SECI'02), Tunis, Tunisia, September 2002, [pdf].

Industrial, hacking conferences

This section concerns non-academic conferences. Usually, peer-review is more limited, submission of an abstract, bio, demo, video, slides...
Sometimes very technical!

• A. Apvrille, Android Reverse Engineering Tools: not the usual suspects, Virus Bulletin Conference, Madrid, Spain, October, to appear
• A. Apvrille, Infecting Internet of Things, DefCamp, Bucharest, Romania, November 2016 [slides]
• A. Apvrille, Mobile Applications: a Backdoor into Internet of Things?, Virus Bulletin Conference, Denver, USA, October 2016 [slides]
• A. Apvrille, Reversing Internet of Things from mobile applications, Insomni'hack, Geneva, March 2016 [slides] and Area 41, Zurich, June 2016 [slides] [video].
• A. Apvrille, Geek usages for your Fitbit Flex tracker Hack.lu, Luxemburg, October 2015 [slides]
• A. Apvrille, Criminal Profiling: Android Malware, Nuit du Hack, Paris, June 20, 2015, [slides]
• A. Apvrille, Fitness Tracker: Hack in Progress, Hack in Paris, Paris, June 18-19, 2015, [slides] and Hacktivity [slides] (October 2015)
• A. Apvrille, Pawn Storm: What's Up on iOS devices?, Insomni'hack, Geneva, March 2015, [slides]
• A. Apvrille, L. Apvrille, SherlockDroid: an Inspector for Android Marketplaces, Hack.Lu, Luxembourg, October 21-24, [paper] [slides]
• A. Apvrille, A. Albertini, Hide Android Applications in Images, BlackHat Europe, Amsterdam, NL, October 2014, 16-17 [paper] [slides]
• A. Apvrille, Playing Hide and Seek with Dalvik Executables, Hacktivity, Budapest, Hungary, October 2013 - also presented at Hack.Lu, Luxembourg, October 2013, updated at Insomni'Hack in March 2014 [InsomniHack slides][Hack.lu slides][paper]
• K. de Pontevès, A. Apvrille, Analysis of Android In-App Advertisement Kits, Virus Bulletin Conference, pp. 133-138, Berlin, Germany, October 2013. [slides]
• A. Apvrille, Guns and Smoke to Defeat Mobile Malware, Hashdays, Lucerne, Switzerland, November 2-3 2012.
  This is a "Sponsor Talk" (though I do not really talk about Fortinet) [slides]
• A. Apvrille, G. Lovet, An Attacker's Day into Virology: Human vs Computer, BlackHat Europe, Amsterdam, The Netherlands, March 14-16 2012, [paper] [slides]
• A. Apvrille, Android Reverse Engineering Tools, Insomni'Hack 2012, Geneva, Switzerland, March 2, 2012 [slides]
• A. Apvrille, Cryptography for Mobile Malware Obfuscation, RSA Europe, London, UK, October 2011. [paper] [demo video]
• A. Apvrille, An OpenBTS GSM Replication Jail for Mobile Malware, Virus Bulletin Conference, pp. 86-94, Barcelona, Spain, October 2011. [paper][slides][demo video]. Copyright is held by Virus Bulletin Ltd but made available on this site for personal use free of charge by permission of Virus Bulletin
• A. Apvrille, Mobile Malware in Practice, Insomni'Hack 2011, Geneva, Switzerland, March 4, 2011, [slides]
• A. Apvrille, K. Yang, Defeating mTANs for profit, ShmooCon 2011, Washington DC, USA, January 28-30 2011, [slides]
• A. Apvrille, The Four Horsemen, 7th CONFidence 2010 conference, Krakow, Poland, May 24-26, 2010 [slides]

Workshop, trainings

Those are trainings I gave.

• A. Apvrille, Android malware reverse engineering, Hack.lu, Luxemburg, October 2016 [slides] and Insomni'hack, Geneva, Switzerland, March 2017 [slides] and La Nuit du Hack, June 2017 (to appear)

Technical magazines

• A. Apvrille, R&ecaute;trop-ingénierie d'applications Android avec Androguard, MISC, to appear
• A. Apvrille, Les objets connectés peuvent-ils être infectés?MISC - Hors Série numéro 15 : Sécurité des objets connectés, pp. 88 - 103, Mai 2017
• A. Apvrille, Analyse de la sécurité d'un bracelet sportif, MISC numéro 87, p. 76, Septembre-Octobre 2016
• A. Apvrille, L. Apvrille, Ventilation contrôlée par des framboises, Hackable magazine, no.11, p.32, Mars-Avril 2016
• A. Apvrille, L. Apvrille, Contrôler sa chaudière à distance avec un Raspberry Pi, Hackable magazine, no.8, p.60, Septembre-Octobre 2015
• A. Apvrille, Inside the iOS/AdThief malware, Virus Bulletin, August 2014 [pdf].
• A. Apvrille, R. Nigam, Obfuscation in Android malware and how to fight back, Virus Bulletin, July 2014 [pdf]. This was also presented at the 8th International CARO Workshop, May 15-16, Florida, USA.
• L. Apvrille, A. Apvrille, P. Bogossian, Retour d'expérience sur quelques épreuves de Hack.lu 2013 MISC numéro 73, p.50-86, Mai-Juin 2014
• A. Apvrille, Détenu virus mobile : nous avons les moyens de vous faire parler !, MISC Hors série numéro 5, p. 80, Avril - Mai 2012
• A. Apvrille, K. Yang, Defeating mTANs for Profit - part one, Virus Bulletin, pp. 6-10, March 2011
• A. Apvrille, Le virus Symbian RommWar à la loupe, MISC numéro 46, p.42-49, Novembre - Décembre 2009.
• A. Apvrille, La sécurité des Wikis, MISC numéro 44, p.76-82, Juillet - Août 2009.
• A. Apvrille, Conception et architecture de la bibliothèque cryptographique d'OpenSSL, MISC numéro 32, p.52-60, Juillet - Août 2007.
• A. Apvrille, Protéger les messages applicatifs avec XML Security ou PKCS, MISC numéro 25, Mai - Juin 2006.
• A. Apvrille, D. Gordon, DigSig novelties, Libre Software Meeting, Security Topic, July 4-9 2005 [slides].
• A. Apvrille, Des erreurs dans mon code sécurisé où ca ?! MISC numéros 16-17, Novembre 2004-Janvier 2005.
• A. Apvrille, M. Pourzandi, Trusted Computing in Linux: status, Linux World magazine, Vol. 2, No. 12, December 2004.
• M. Pourzandi, A. Apvrille, Setting up Virtual Security Zones in a Linux Cluster, Linux Journal, issue 126, October 2004 [HTML].
• A. Apvrille, L'ASN.1 par l'exemple dans les certificats X.509, MISC numéro 15, septembre-octobre 2004.
• A. Apvrille, M. Pourzandi, D. Gordon, V. Roy, Stop Malicious Code Execution at Kernel-Level, Linux World magazine, Vol. 2, No. 1, January 2004.
• A. Apvrille, M. Pourzandi, Protéger un réseau de machines distribuées contre un débordement de buffer… d'un seul coup, MISC numéro 7, mai-juin 2003.

Miscellaneous presentations

• A. Apvrille, OpenBTS for dummies v0.5, April 2011 [pdf]
• Programmation sécurisée sous Java: retour d'expérience, RéSIST, Septembre 2002 [slides].
• L'horodatage sécurisé: état de l'art et applications, RéSIST, Juin 2002 [slides].

Blog Posts

2017:

• Zero patch IoT environment on Fortinet's blog, May 17, 2017
• Security Research News In Brief - April 2017 edition on Fortinet's blog, May 10, 2017
• Security Research News In Brief - March 2017 edition on Fortinet's blog, Mar 24, 2017
• Teardown of a recent variant of Android/Ztorg part 1 and part 2, on Fortinet's blog, Mar 15, 2017
• You don't need to break my heart, on Fortinet's blog, Feb 27, 2017

2016:

• Reading your tracker's battery level with a standard Bluetooth 4.0 USB dongle, on Fortinet's blog, Dec 9, 2016
• Disassembling Linux/Mirai.B!worm on Fortinet's blog, Dec 8, 2016
• Hackathon Sophia Antipolis 2016, on Fortinet's blog, Nov 29, 2016
• DefCamp 2016, on Fortinet's blog, Nov 18, 2016
• Where I nearly won a connected coffee machine at DefCamp 2016, on Fortinet's blog, Nov 17, 2016
• IoT-based Linux/Mirai: Frequently Asked Questions, on Fortinet's blog, Oct 31, 2016
• Hack.Lu 2016 Wrap Up on Fortinet's blog, Oct 25, 2016
• IoT malware are coming. Will you listen to me know?, on Fortinet's blog, Oct 24, 2016
• Pebble Smartwatch Talk at Virus Bulletin 2016, on Fortinet's blog, Oct 14, 2016
• Risks or not behing Pokémon GO, on Fortinet's blog, August 11, 2016
• Pokémon GO Plus review through reverse engineering, on Fortinet's blog, August 11, 2016
• Android adware trying to deceive the analyst, on Fortinet's blog, May 20, 2016
• Your Gossip Is Public, on Fortinet's blog, April 22, 2016
• WhatsApp vs Telegram, on Fortinet's blog, April 15, 2016
• Insomni'hack 2016, on Fortinet's blog, March 25, 2016
• Bad Mirror: New Android Malware family spotted by SherlockDroid, on Fortinet's blog, March 7, 2016

2015:

• Hacktivity 2015 on Fortinet's blog October 14, 2015
• CryptoGirl on StageFright: A Detailed Explanation on Fortinet's blog August 25, 2015
• StageFright, Telegram Stage-Left & WhatsApp Stage-Right on Fortinet's blog August 14, 2015
• Locker, an Android ransomware full of surprises on Fortinet's blogAugust 11, 2015
• Want Everybody to Know You're Flirting? This App is For You! on Fortinet's blog July 25, 2015
• Insurance Fraud via Internet of Thingson Fortinet's blogJuly 9, 2015
• Nuit du Hack 2k15 on Fortinet's blog June 25, 2015
• Hack in Paris 2015 on Fortinet's blog June 24, 2015
• Android Security Report in Far Less Than 44 Pages on Fortinet's blog April 17, 2015
• InsomniDroid Part 2: Write Up on Fortinet's blog April 4, 2015
• Insomni'Hack iOS challenges on Fortinet's blog March 26, 2015
• Insomni'hack CTF write up on Fortinet's blog March 25, 2015
• Insomni'hack 2015 on Fortinet's blog March 23, 2015
• Investigating on PawnStorm for iPhone on Fortinet's blog February 13, 2015
• Aggressive Riskware Installation on Amazon Kindle (and Android)on Fortinet's blog January 12, 2015

2014:

• Inside Hack.Lu 2014, on Fortinet's blog November 10, 2014
• Android Emmental, Adding Cheese in Emmental Holes, on Fortinet's blog October 30, 2014
• Inside BlackHat Europe 2014, on Fortinet's blog October 29, 2014
• 0wning Emmental, on Fortinet's blog October 20, 2014
• Android Packers Talk at Hacktivity, on Fortinet's blog October 9, 2014
• My Day Unbricking a Friend's Phone, on Fortinet's blog September 17, 2014
• Want everybody to know you're flirting? this app is for you!, on Fortinet's blog July 25, 2014
• Clean for the phone, but not clean in the code, on Fortinet's blog July 7, 2014
• iOS Malware Does Exist on Fortinet's blog, June 9, 2014
• AngeCryption at Insomni'Hack on Fortinet's blog, March 31, 2014
• Mobile Advertisement Serving Fake Anti-Virus and App Over Billing on Spanish newspaper on Fortinet's blog, March 14, 2014
• New Drive By Download Android Malware on Fortinet's blog, February 17, 2014
• Malware or Spam Campaign on Internet of Things on Fortinet's blog, January 27, 2014

2013:

• Sophisticated DEX obfuscation or Proguard configuration issue? on Fortinet's blog, December 16, 2013
• RATP Android Application Privacy: Status on Fortinet's blog, December 2, 2013
• Alligator at GreHack on Fortinet's blog, November 14, 2013
• Hack.lu Capture The Flag (CTF) - RoboAuth on Fortinet's blog, October 29, 2013
• Hacktivity 2013: Keynotes on Fortinet's blog, October 17, 2013
• VB 2013 - Day 3 on Fortinet's blog, October 14, 2013
• VB 2013 - Day 2 on Fortinet's blog, October 11, 2013
• VB 2013 - Day 1 on Fortinet's blog, October 10, 2013
• iPhone 5S: Inside the Secure Enclave on Fortinet's blog, September 16, 2013
• NSA's (and GCHQ) Decryption Capabilities: Truth and Lies on Fortinet's blog, September 6, 2013
• Alligator detects GPS leaking adware on Fortinet's blog, August 2, 2013
• Mobile Malware Gets in the Top 10 Viruses on Fortinet's blog, July 29, 2013
• Millions of SIM cards vulnerable to remote compromise on Fortinet's blog, July 24, 2013
• Don't Send Your SMS Scam to an AntiVirus Analyst on Fortinet's blog, July 17, 2013
• I am Datarmined to secure my Facebook posts on Fortinet's blog, July 8, 2013
• An Anti-Virus Analyst's Day (or Hour) into Firefox OS on Fortinet's blog, June 20, 2013
• NSA Has Large Disks on Fortinet's blog, June 10, 2013
• 11M for a simple conference program application on Fortinet's blog, May 27, 2013
• 1,000 malicious Android samples per day on Fortinet's blog, May 13, 2013
• Finding Similarities and Differences at DEX level on Fortinet's blog, May 6, 2013

2012:

• EuroGrabber is Zitmo on FortiGuard's blog, December 7, 2012
• Hashdays Android Challenge: the Solution on FortiGuard's blog, November 23, 2012
• Hashdays Arduino Badge on FortiGuard's blog, November 9, 2012
• Hashdays 2012 wrap-up on FortiGuard's blog, November 7, 2012
• Advanced Tools for Android Reverse Engineering on FortiGuard's blog, November 5, 2012
• Hashdays Android Challenge: Win a FortiGate on FortiGuard's blog, October 29, 2012
• Hashdays challenge by Fortinet to begin on Oct 29, 2012, on FortiGuard's blog, October 23, 2012
• Android/Fakemart's end: authors has been identified on FortiGuard's blog, October 19th, 2012
• Android malware distributed by malicious SMS in France on FortiGuard's blog, September 21st, 2012.
• Making money out of Android/Fakemart on FortiGuard's blog, September 3, 2012.
• Dalvik Executable (DEX) Embedded in another DEX! on FortiGuard's blog, August 23, 2012.
• Android byte-code obfuscation challenge on FortiGuard's blog, July 30th, 2012.
• Controlling Android/Zitmo by SMS commands on FortiGuard's blog, July 21st, 2012
• StarCraft culture to understand Android on FortiGuard's blog, June 19th, 2012
• Tracking Android/Foncy - on FortiGuard's blog, June 6th, 2012.
• Back from EICAR 2012 - on FortiGuard's blog, May 25th, 2012.
• DroidKungFu is getting smarter (hopefully, so am I) - on FortiGuard's blog, May 11th, 2012.
• Mobile Botnets: We Had Told You So - on FortiGuard's blog, April 20th, 2012.

2011:

• Analyzing CarrierIQ's defense - on Fortinet's blog, December 20th, 2011.
• Android/Foncy emanating and propagating in France on Fortinet's blog, December 15, 2011.
• CarrierIQ on Android - FAQon Fortinet's blog, December 13, 2011.
• Levitator: Root on your Android phoneon Fortinet's blog, November 25th, 2011.
• OpenBTS for Mobile Malware Analysis - on Fortinet's blog, November 17th, 2011.
• Symbian malware uses a 91-byte XOR key on Fortinet's blog, November 8th, 2011.
• Clarifying Android/DroidKungFu variants on Fortinet's blog, October 26th, 2011.
• VB 2011 talks, part 3 and end on Fortinet's blog, October 25th, 2011.
• VB 2011 talks, part 2 - on Fortinet's blog, October 18th, 2011.
• VB 2011 talks, part 1 - on Fortinet's blog, October 12th, 2011.
• QR code and mobile malware: it happened! - on Fortinet's blog, October 3rd, 2011.
• Spitmo gets on Android: mini-FAQ - on Fortinet's blog, September 16th, 2011.
• Android/Zitmo: an Update - on Fortinet's blog, July 18, 2011.
• Zitmo hits Android - on Fortinet's blog, July 8, 2011.
• Android/CruseWin carries a malicious kill switch - on Fortinet's blog, July 4, 2011.
• Android/DroidKungFu: attacking from a mobile device? - on Fortinet's blog, June 16, 2011.
• Android/DroidKungFu uses AES encryption - on Fortinet's blog, June 9, 2011.
• Android/Smspacem under the microscope - on Fortinet's blog, May 30, 2011.
• Airpush... pushes the envelope - on Fortinet's blog, May 17, 2011.
• iPhone Tracking - on Fortinet's blog, April 21, 2011.
• Mobile Malware Statistics - on Fortinet's blog, March 28, 2011.
• How Android/Fake10086 selectively blocks SMS - step by step - on Fortinet's blog, March 10, 2011.
• Android/DroidDream uses two vulnerabilities - on Fortinet's blog, March 3, 2011.
• Hacking Mobile Phone Statistics - on Fortinet's blog, March 1, 2011.
• What's new in Zitmo.B? - on Fortinet's blog, February 23, 2011.
• ShmooCon 2011 Debriefing - on Fortinet's blog, February 9, 2011.
• Mobile phishing related to Yxes - on Fortinet's blog, January 12, 2011.

2010:

• Hidden feature in Android spyware - on Fortinet's blog, November 12, 2010.
• Symbian malware and Internet Access Points - on Fortinet's blog, November 4, 2010.
• Zitmo Follow Up: From Spyware to Malware - on Fortinet's blog, September 28, 2010.
• Zeus In The Mobile (Zitmo): Online Banking's Two Factor Authentication Defeated - on Fortinet's blog, September 27, 2010
• You can't judge a book by its cover - on Fortinet's blog, September 7, 2010.
• iPhone 4 / iPad: the Keys Out of Prison - on Fortinet's blog, August 5, 2010.
• Mobile Malware Sends WAP Push SMS - on Fortinet's blog, August 3, 2010.
• Symbian Signed Mobile Malware: One Gang? - on Fortinet's blog, July 29, 2010.
• SymbOS/Album One Step Closer To Mobile Botnets - on Fortinet's blog, July 15, 2010.
• SymbOS/Album Follows the Path of SymbOS/Yxes - on Fortinet's blog, July 8, 2010.
• How to send an SMS - the geeky way - on Fortinet's blog, June 7, 2010.
• EICAR 2010: Presentation Round-Up - on Fortinet's blog, June 4, 2010.
• Airport flight schedule crash (unharmful) - on Fortinet's blog, May 25, 2010.
• WinCE/Terdial or impunity for dialers - on Fortinet's blog, May 17, 2010.
• No, the iPad is NOT hacked - on Fortinet's blog, May 3, 2010.
• Reversing the Symbian Enoriv malware - on Fortinet's blog, April 13th 2010.
• SymbOS/Yxes goes version 2 - on Fortinet's blog, March 4th 2010.
• 10 Predictions for Mobile Malware in 2010 - on Fortinet's blog, January 28th 2010.
• Malicious Transfer of IM3 funds: the Return - on Fortinet's blog, January 26th 2010.

2009 and before:

• Duh's not malicious, dude! - on Fortinet's blog, December 10th 2009.
• Securing your jailbroken iPhone - on Fortinet's blog, December 2nd 2009.
• John Doe's Credentials - on Fortinet's blog, November 16th 2009.
• Targeted Spam: an Unfair Blow to Security - on Fortinet's blog, November 5th 2009.
• When Your Phone Becomes Your Worst Enemy - on Fortinet's blog, October 27th 2009.
• Keep your phone healthy: H1N1 vs. SymbOS/Yxes - on Fortinet's blog, October 13th 2009.
• Transmitter.C is not Yxes.E - on Fortinet's blog, August 26th 2009.
• Symbian Certificates or How SymbOS/Yxes got Signed - on Fortinet's blog, August 4th 2009.
• SymbOS/Yxes or downloading customized content - on Fortinet's blog, July 21st 2009.
• Detecting spyware for iPhones - on Fortinet's blog, July 16th 2009.
• 'Friendly' spam: A trick for managing unwanted emails from family, friends - on Fortinet's blog, June 25 2009.
• June 9th, 2009, Trash CRC32
• April 21, 2009, 2D Codes: Lowering the "bar" for mobile threats ?
• April 13, 2009, Attacking stamps for fun and profit ?
• March 9, 2009, Flocker virus writer's name found via Google? Or privacy issue?
• February 23, 2009, A cryptographer's eye on antivirus analysis

Challenges

I designed a few crackme if you feel like trying:

• Hashdays 2012 Android Challenge: [APK] [blog post 1 and blog post 2] [Solution]
• Insomni'hack 2012 CTF: [APK] [Solution]
• Basic Firefox OS CrackMe

I am in the pic0wn CTF team. This is a very small team, but it's fun :)

• Insomni'hack CTF 2017: 56 :(
• Vulnerability identified at the IoT Village competition in DefCamp 2016 (to my knowledge, only 3 were identified by all competitors)
• Hack.lu CTF 2015: 83 (6th local team)
• SSTIC 2015: 3rd in 0-Rulez and our solution was mentioned as the most original ;)
• Insomni'hack CTF 2015: 30
• Hack.lu CTF 2014: 161 (5th 'local' team)
• Hack.lu CTF 2013: 97 (6th 'local' team)
• ... a long time ago (2003) challenge SecuriTech: 42

Podcasts

• Sécurité des objets connectés sur NoLimitSecu, October 30, 2016. In French.

Memberships

I was program committee member of:

• GreHack 2016 and 2017
• Virus Bulletin conference 2016 and 2017 reviewer
• WiSec 2014 posters
• the Security Topic at LSM 2005. [Slides]
• IEEE ClusterSec'06 Workshop

Android Security Acknowledgements in 2014.

Patents

I'm the inventor (or co-inventor) of those patents:

• 2001 Data integrity check method using cumulative hash function [10/034706]
• 2001 Upgradeable time stamp mechanism [10/027341]
• 2001 Virtual worm method and system [10/034,055]
• 2001 Method and system for providing a secure time reference in a worm [10/034709]
• 2002 Method and system for timestamped virtual worm in a SAN [10/202,067]
• 2002 Secure E-mail Timestamping [10/184477]
• 2003 Method and computer system operated software application for digital signature [10/740484]
• 2005 Method and system for managing electronic data content [WO2007074232]
• 2005 Procédé et système d'analyse de page [FR2895817]
• 2005 Method for creating a secure counter on an on-board computer system comprising a chip card [WO2007080289]
• 2005 Method for authenticating applications of a computer system [WO2007077362]
• 2006 Système et procédé de sécurisation de données [WO/2008/037895]
• 2006 Systèmes electroniques sécurisés, procédés de sécurisation et utilisations de tels systèmes [WO2008096076]
• 2008 Procédé de vérification de l'intégralité d'une mémoire EEPROM [FR2933791]
• 2016 to appear

Public key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQELBEIJLssBCADqAloR2Ad88AiN9K/lqu3Vbs4sWTg9OctRejFmhfr3igbm1IID
QEZ14iKQ7sis7hurxYTURzxI1gKHpE85C231SZTMfWsu210YWtsg4OAlGPcHluYP
aBrBPreipr2Zan+VBTbOJ9+j1RVIyfAM5kfNuFlTrTHbksLirphZZllnEhm2Bk6E
wDQQbVs1f5oQa7Jt6gd01+MWx2fWe4Ramf1SFfrUcq4SBCgod6Js5PxW+qG9iGNC
1j/3yyGqCiZia6KYKuBD1vVwodUmmLLNSK4Rddcm/7yM7HcMbqYLWWDF8g/hjVEG
n7+/J8tHxEUCbdNKV7H/a7I4QmFZTKCCvGv1AAYptD9BeGVsbGUgQXB2cmlsbGUg
KFBlcnNvbmFsIEdudVBHIGtleSkgPGF4ZWxsZV9hcHZyaWxsZUB5YWhvby5mcj6J
ATEEEwECABsFAkIJLssGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQYo6iZgEZdl6x
CwgAg65NLMcMmme7790AsEB89U7JuRw3uXrcG0Idp2+XflQRGF+wa9+NYi8M0B6v
dlINMRghMZ+BpYA81Dh9G8EamYd6aZifXN4uFyoHBMOYpz2TBQE94pMTJNDW2u+V
HaKPgiJhbd4s4oQqO0y/lpqdmDkS2ewNI4NYteL6+00ZTY+4bJeGHDVbhzlLLkni
DPuMocxIclfXUPMChiSu+RFXN1bQygnOkezozU0wvGdks08m1KDUOGYO7+dxDdNq
qYICjhbX+i2jEobiV8CuKVnTMj6MBHLp7rt2ikV55COQiRpDW+hmqc/6bKk8Cp9y
n+L+yQ9+0bxnkBoY3UqwgwsEcIkBHAQTAQIABgUCQgoZqQAKCRBO3R1vynOXk8M6
B/0bs5xIrv9kSrzl873MVMYkGfgxlzd3prCk3X09SJ98G//f46O+aQYOhqpqYKgb
7rup6vb3qHfnXEeR1mmgOjYNO9Q+Z4cRhBIoo0HnNl0HhLMO0ZHC33CTw5pzRsJS
I7ZLTnvlUZ+gjuUDjubEnUvTUrtUorX5tUMb4VCV5OyOto7Zb5NsflF4m+8cseo3
BCaNYsr7QG+QqOkvp2aZfmzXwJhgF2FTm2vdyDtdzg/+y7x3S+zL8fYzd1jMc99Z
zcTwQOTJVRgRmDbv/lF2wMbcp9UKEbIfUgpJJGUmvAzZIVA0EWl9rWFQqjng38p6
g+wdjpl9a+ZqRWQVtcw92Tqn0cvUy9IBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpG
SUYAAQEBAEcARwAA/+EAFkV4aWYAAE1NACoAAAAIAAAAAAAA/9sAQwAFAwQEBAMF
BAQEBQUFBgcMCAcHBwcPCwsJDBEPEhIRDxERExYcFxMUGhURERghGBodHR8fHxMX
IiQiHiQcHh8e/9sAQwEFBQUHBgcOCAgOHhQRFB4eHh4eHh4eHh4eHh4eHh4eHh4e
Hh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e/8AAEQgAjwBvAwEiAAIRAQMR
Af/EABwAAAEFAQEBAAAAAAAAAAAAAAMCBAUGBwABCP/EADoQAAIABQIDBAcGBgMB
AAAAAAIDAAQFEiITMgEGQiNSYnIHERQzgpKiFSEkMcLwQWNxc9LyNENhsv/EABoB
AAIDAQEAAAAAAAAAAAAAAAACAwQFAQb/xAAoEQACAgEDAwQBBQAAAAAAAAAAAgMS
BBMiUhQjMgEFEUJiMTNBYfD/2gAMAwEAAhEDEQA/AExxFcu2Eky0vixjsrroYUUO
XTuhXdxgeW6DKK4tsBwTaXwxxY29MEtxy2wol3FdaUB0GK/FCrSxGCCNowol247r
oDgG0h6cfF1RxCV2OMEasS3DcUDyygATbaP+UdkPmhVuXdjiG4tsAAbRtES2xxCV
vigxB4YS0DLZb6+qABrcLCIrYII94oGF27q7sEG0ihTpxWr2ljDf2q52mOowv5Y3
Q4aVwkVuIjHDcpy2LWSRcsWabNw49UZ+blyQrtBl7dgiGiRWkVrO6UPFDd/lDN6l
tESLFm4SGFC2YWVuiLLeocYhxvdo5F7m1iFZOQ6xJm7KOtGG4vmBL/j/AFRwtcWJ
S/1Ra6/H5DWUcW/6wMjSv3kwhZd3UygZLmH4jiJdMEbLLUkR0xuinJ7rGrVjFaTi
DE9UuzcJeUoII+WFIYsiYtZCWiWmWPVbd+qFWl826NaBrLYmbaJaI3bsu7CbRt+/
b0wTSISIrvqgZ3ceBDd1RIcI8SJg44wZQ5QESIh3dXVBB95uhTobG7L6oG8ZgmCT
MliNowZREQw+0hIRHpjH92krGu0VmatRiJLLcy3p2wZTZe63Uh0MssiErcocKlk2
jcPzR5/tsQDHVl7veDChZLkWLlxJFIy57tOBlSJcu78sGnHyE3DUSSP/AGDAZpgs
HErih82iy/SQw1bRcsWMHylDRRxq1rBb8RIjcIlHEOVpEMD+z5xXu5gi/uZQNTJp
TLWJu8Qx6aDPhrX9CZZFYMQ3DChG3Hp8scNpLhRCQjjjGgSkOgbh7sGERIdsBQJL
tuyh0OTOkoDrChxX0lExSpEppPZsESHvdUQ4423DE9y00riIchu3RR9xVWj3FiCN
WbcOCpVQEbhSt3lK2EjLTi91PZ8OUWqWO8Ryu+GHFvVpjb5YwWxI2+pI2JGUki0/
eS7xL+2UKF6brbiEvLF0JQkO2G75WXZuWsi8QwvRKL0S8iqi1cKFq9uMWApSXXd+
HX8ow3eqmkWUqsYj6ReQdFxYh9Ue8MBe2XESIu0YOQiMShDJhkmVX8UNZ7RFJYrW
RCUdixVtUOgqtmYr4iQry3FcVowQOPqH1ld98cJXRx3EWQ4x7GJarUqkOgsR7pfT
DoRtx/1gcsN1o7rRicGisZSZeeSwi1XaZLt2/u2GVQIcR823uw6p72SjiIfdluGO
nECp2nut/wDrq+q6G5ERdWMQyxrItWJI2ZWspfKLUJd68WEReGJi5dvvPmGMlbV5
ORymJxCSEsbmRoXJM8mtU/Ul54XMErSG6MuTHaPxLitYlryG3tIG1veg05LMlUk6
YHTFe4iIYCiRKbG5YkQljcNsV2WRfqTLXkNXvWVwxHvt3WldDzmOlOptPZOMmEWr
yISK0oqv2my20mDAuJK31JNaJSa1UrWRF0xB1CZJriK7GBvaxvvCx80D27bY0MLC
02sxRycnU2qex40rer5o7qESjj3RqlIj5Zmkxbkl2iyEhi/UyeT9jsWlYpYwtRiW
D7siyx8MRPKdFXo+2TBCwSxFfdit88U2vNqEnMUlb5payFbvEIjcXd8Xyx1o2WM5
+41VGfP/ADjTae4peTX7VOF7zujbtuLvRnczWuYK07RW4lrItqezEfijbJblCkql
WM+z1+0OXuYvIWEOWUZ7VeWagK5quUcWex3EQpYOLhHEiHuxTkWRlsppYzRr5ELS
qVLyfbOtmHd4umNQ9C04sK0ynutJcykht8Q5D+qM7pE2moJuXaLB3L7pRYOU5sqf
zNIzA3dm4cfijNWTubjRkjtG3oXj081N1P5JZT8nLm+zWJFkNuX6YnvQ7IzVM9H9
NWUwt2usWDbkQ3DGU+m6vlU+cmSosFknIYrEdpF1FGoUWvJpnopk6lLsXqaIrSP8
zb9OXyxoMy1MqrbVX7Ff9MFaGcmioa8loL8QXeLu/DGXkielHCylzTE27hJlw/LE
lMtY1zHMYTGEVxMLcRQxnpxMjKlMOIRt/dsZupI0nybGlGsdQiOcZiRmNGqS4kJF
kSxtKLlLTKZtK3JK5bBuEoweZnnTk4xznEWoW7uxono0qTCIpNzLls2+aNKKRl2s
Zc8CstlL59PihN1xbo4cYVaQj0xdM4TJ1WepjJeYYn8GghK0cRIvFFo5Xq5VOkjN
SorJjGZWlday7KI/mNHt1BXSZPTJj1iu5xWkK9xfLFNbTKx6O6SuXk3e0C+aWxjC
6RG7GOtZbcTq1ZeLFw5lmnK5iX7Ol8wy21yUuxISK3b0wmZ5vkZmkzFNkZOZTOEk
kpQ5e0i6fLuhv6Pp6nqlZyYc4VzhMu1GbRG7HL4omH0Zb64mqahS5CWIiI2kNt11
3mgT5ZbKLG3p9vQwvmOi1DlCtJc7IXDczTG0S8sTgsv03JLxCUPPTJWibUJOkz0q
sRUWoTrd3TaPhERiHU3sxt+mMfNVVk2noMRmaPcV2ptYbGE4iJmpkUWqi1qabynJ
0lxfh5ZzGJ+L9lFXq6i+1CER96V1vmGJaW7CXFIliMLM3bryFx4u4zcR4+ZWhetM
MEVjkMUevVNlRmssUr2jD7mOsJ0ylbbiIvliv3FdcUNjQ1WzEkjWaoQcR7sT3LU4
yWmlsErSEror926JClF+IEosN4h/BuUi32mVW7vDBhLK0hhrQyupsuRYiSxxKHnF
YjwHq/8AIuKeffyKHVeap6TryUy9sxOLXqLFmQ3F+rqh9V+b6lzHI6cxLlJsW7U6
iEum2K3ydIjV/SVMLmiIloXku63HHGNeqfL9FVRWS8qS12pItQulhW7vFiULVmXy
GlatVUqPLjVqqkq53aS+oLC+WNKnK5S1yZTUxMCvTXqFa63vW/FiWPljIxIUOXJp
cTNMhuYwbdQYrvN9cl2iUqlbRXcWpawrWFFXFdo1Zf7Dc0irUiefaqNX5onJxbGM
WTLVkwsrYectTxNX7K4u0EcfEMVloCIwqnk5cwtyS7QWbYWddRTeiqql2nkCc8uY
LpXbbEHzDVdC5KbdTvd2E1esaSySkrmENpM7sVu64tRmV3iivHDbcwNJXaoSWlpi
enFpl1lMTDitER6oNPSrqfOOlZgRFyStIbosnLnOzqOlcvT6PTVksbdYk3MZ5iiH
5lqDKq5k85Ircz3lvVFyxCtiNUVw+GJKlW62URcmJEsvNEtSvfCMEniTRmzcudpR
ZO673I7okBxKI/lzKiytpbViMSVnr++78vDFpfEwZPJjK+R6mNP9JU4JFcyZtWtZ
MFYkXiLuxtD1TX2W5zk/jCK3TTaQiRbSy7t1sfM3NhMRWVPSXHhxMR9XHhx2kMWL
k7neoHWZDhUpwilhcN58OHHiXAdv+MR6lVLGnqMpo9ck0oqEnJilkxMEy5jCLIh6
rYunMfK9LqFFYPs6iWxOI7f2UMJiVRVqhJzirkOle0WX3ROzdQBMpwB9xceH58eP
Dhx9UUbbfyJIkkWRrf70Plmqr9mnnS5blsJfywxKZJVwrxIolqyhj6zNt4F6+BuI
uHHj/HKGU1TWCREHHhaJfw+6LCKXGk+owIiIso4IcKpjVERMbcP9IdS9PM/zIeES
iqw1llkJXQqeK5IjEomQMAHjxL1cNvq4R6UhqXCXru/rCDWUipNfYkUS1MUWtqdM
eJlOKRtDhw4xL0mV4sG6y3p/OFZbBqVUvVPnJiUptNGXl2OWy3WtHaNwj+qJKk1X
jOzLOPBZy6xSLVg0bWcLiISuH4R+aGt9SlpaURJrHiHFP38eNv3ZD+m6Az87XESn
ErE6nEw9XAePqx9R+v8ATFpfExZNzH//2YkBNAQTAQIAHgUCQgocGQIbDwYLCQgH
AwIDFQIDAxYCAQIeAQIXgAAKCRBijqJmARl2XsUKCACnsoy4/Y4walQ+qH4/Ults
o8VwwU81Tx7LNWlRU2yPSefxZkwUrQTeHIPMvAIPCq80MzPvIGxcJOEegX85EpyG
ksG0iclJodB0JIZLS0tdVfe2MUtqsUeQZDA4Zkg1UJRbNUReTqqRTpsFdwxpx1bv
i7SZ1d8Xahz3NhG87eNxVCH1qXkgeDxV57mhzFiOOf24Zblz27JUKv+j0QlbDOgI
SkmDgzqR5+GHbfc1VJf7EauDqBP8OkdpnqaQdtMW3RDYLJKN7oLYEkCboSC3qPgu
cKrihDL87IXJ/aKNY2hxVoIghuwBObXwdMStZleI0O9vmWNxbEuXRm0mS7SvfJfa
iQEcBBMBAgAGBQJCChzqAAoJEE7dHW/Kc5eTLxgH/A2oYBhevhN45L5uSmvWL9ax
HUKIETo3A3GTa5wCC5mntgQ3sv6eal1qhUJbgZ+itkN+Yk7V8Gfs0jtnMrOZ6jY3
OQSmv+g4RUpsqM9Vj0nhPv0QZ+ch2quj2p8N8NJZSVZHm7Hmg89q2714fWK67T3g
LLdgXgkJRA19R6G+FEeQqajcvH3G6j61hML/rH/4c2W91sjCuE800l0uMi7qJVRk
A2p/iQMtwHQiiWNi4Q4giPHad41FoC4HZzgUizo7YdW+pFDmCBR5YVoBDW3KJaXW
7sw0lVJz2CvHvZ5+w+8/4nMdEVohCoLVFArNjYWTkzLd/eXYyFajf/XhZOEiL060
K0F4ZWxsZSBBcHZyaWxsZSA8YXhlbGxlLmFwdnJpbGxlQGdtYWlsLmNvbT6JATYE
EwECACAFAkbqd5ACGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBijqJmARl2
XpA8B/oCLxx244LhGaUebu++XxsdJ3cQhUQupz9SyKzsX+Ggcu5/HsrcaRg6Iv+Y
fi0LTLTqKuP8mFqFI4q8hPHByQEhKUBpuLfz9NAEpv9LijkBn8Dvqr2TzTOivOhP
bhslWTp1inJ5N5B1HHn8N0yWKqTCFySPYRvDwdHFLW6igT4eN9OcuQfDWJpL9+4Z
uYQJGWzTevo5Avt0uj7ZvqFr8RZPsSE+912Yd1ctZkzHmcwrENr7hEGC0OGijd5m
RO3tvV99wWKY7qEEYNzXDlucPWQcaUPOPch5uYb6JVbet0E59eA7f244CnLws1iQ
xxE87E93VYbvzG3kPEPIhKYB0bXMtClBeGVsbGUgQXB2cmlsbGUgPGF4ZWxsZUBw
cml2YXRkZW1haWwubmV0PokBOAQTAQIAIgUCUjyw3gIbDwYLCQgHAwIGFQgCCQoL
BBYCAwECHgECF4AACgkQYo6iZgEZdl6IVAf/YicmzU9udI4RWepbjMnx+D9yPbAP
UBUlY6JGy9yLw8/OJPW7DComUy/qoD0hzd3zpWlyW2Jit3WwUowj99OSuicLEEp9
52yDbmFgt0+NoHowlbQJ+7jDgzr6wiJY1V3eoCTCblI2MpiucsrLs/opwCDegnsz
gTJf3MohrCy4PUki0tWhcL2jWG11nuIppUQ6w+hHZEzxwhvBHzAKVv2Mxm8eBDGK
+mzUmIoDof5wWZ5WLNFcp/t266HE4yvgYFFCaPkDO1WRB/lOb/vAWZGMf2YN0qKU
BAnjInoHzdCCfneJkZzRkLHokJAk5WNXw2rx84E2LLZ9U5TuHZzXTSvZW7QeQXhl
bGxlIEFwdnJpbGxlIDxhYXB2QGdteC5jb20+iQE4BBMBAgAiBQJSjO2PAhsPBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBijqJmARl2XvuHB/9nRU6pC3wx9yaX
iNc2kQ8P8cZBXDmQ9xpuy0fHzzBkLr2xVOD7i0IOdU+mjuNpBqZC8qUQlHN1xt7g
c03mDK2FXO98/FJZOe6rHGClJvR93OAqwyWJf7q30vw5hO/wjeVOkA+3q95La/Ly
ituLsiRhVW/ZapkqLuWhPFqCFgySNhrXrEa4AqJ+FkljclwOnjHuama/ho/eGL9s
4Uzzqb+yuuopuK1J0o78CCDbWgY9YreTPATUuC3YCDTtIpRtH9VP80Tnm/kEcel+
tYcGwsp2tmOROgG8GgLOcEa7BVF/ehD+aV6FiJDB9yPWyLT/l+a1+bHt8YfyUsLy
EYl6Ek1h
=HAlk
-----END PGP PUBLIC KEY BLOCK-----