-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.xml
More file actions
47 lines (47 loc) · 6.11 KB
/
index.xml
File metadata and controls
47 lines (47 loc) · 6.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Dylan Iffrig</title>
<link>https://2dai.github.io/</link>
<description>Recent content on Dylan Iffrig</description>
<generator>Hugo</generator>
<language>en-US</language>
<lastBuildDate>Wed, 28 Feb 2024 10:30:00 +0100</lastBuildDate>
<atom:link href="https://2dai.github.io/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>[EN] - CryptoNotes: An Android Memory Corruption Challenge</title>
<link>https://2dai.github.io/blog/en-cryptonotes-an-android-memory-corruption-challenge/</link>
<pubDate>Wed, 28 Feb 2024 10:30:00 +0100</pubDate>
<guid>https://2dai.github.io/blog/en-cryptonotes-an-android-memory-corruption-challenge/</guid>
<description><p>For Insomni&rsquo;hack Teaser 2024, I designed CryptoNotes, a challenging Android pwn challenge that combined native memory corruption with Android&rsquo;s Intent-based IPC mechanisms. The goal was to create a realistic mobile exploitation scenario that required players to chain multiple exploitation techniques across the Android application framework and native code layers.</p>
<h2 id="challenge-concept">Challenge Concept</h2>
<p>The concept was basic:</p>
<p><em>A security researcher stored a sensitive note in a new note-taking application</em>.</p>
<p>As an attacker, you can convince the researcher to install your malicious application and start its main activity. The task was to find a way to leak the notes and capture the flag.</p></description>
</item>
<item>
<title>[EN] - Attacking Android Antivirus Applications</title>
<link>https://2dai.github.io/blog/en-attacking-android-antivirus-applications/</link>
<pubDate>Wed, 29 Mar 2023 04:07:25 -0600</pubDate>
<guid>https://2dai.github.io/blog/en-attacking-android-antivirus-applications/</guid>
<description><p>Although the usefulness of security tools such as Antivirus, VPN and EDR is now indisputable in business circles, these solutions often need a lot of privileges and permissions to work properly, also making them an excellent target for an attacker. The presence of a bug in one of these types of solutions could allow a malware to elevate its privileges and cause more damage to the organization.</p>
<h2 id="introduction">Introduction</h2>
<p>Recent research at SCRT has been greatly motivated by the paradoxical idea of attacking security solutions. Could these solutions that are supposed to protect the system and block attackers be abused by an attacker to gain even more privileges on the system ?</p></description>
</item>
<item>
<title>[EN] - Insomnihack 23 - Andropwn writeup</title>
<link>https://2dai.github.io/blog/en-insomnihack-23-andropwn-writeup/</link>
<pubDate>Mon, 27 Mar 2023 04:05:25 -0600</pubDate>
<guid>https://2dai.github.io/blog/en-insomnihack-23-andropwn-writeup/</guid>
<description><p>This challenge is a vulnerable android application. The attacker needs to exploit IPCs and Permissions issues to compromise the application and leak the flag.</p>
<h3 id="description-of-the-challenge">Description of the challenge</h3>
<p>Our administrator saved a sensitive note in his <a href="https://2dai.github.io/files/app.apk">note-taking application</a>. I convinced him to install your mobile application and start the main activity on his device, please find a way to leak the notes.</p>
<p>System running: <code>system-images;android-30;google_apis_playstore;x86_64</code></p>
<h3 id="solution">Solution</h3>
<p>When we run the application in an Android Emulator, we can quickly see that the application is a basic Note application. A user can add and edit notes <code>¯\_(ツ)_/¯</code>.</p></description>
</item>
<item>
<title>[FR] - Présélection Française pour l'ECSC 2019</title>
<link>https://2dai.github.io/blog/fr-pr%C3%A9s%C3%A9lection-fran%C3%A7aise-pour-lecsc-2019/</link>
<pubDate>Wed, 12 Jun 2019 04:05:25 -0600</pubDate>
<guid>https://2dai.github.io/blog/fr-pr%C3%A9s%C3%A9lection-fran%C3%A7aise-pour-lecsc-2019/</guid>
<description><p>Le lundi 13 au mercredi 22 mai 2019 s&rsquo;est déroulé les phase de présélection nationale pour l&rsquo;European Cybersecurity challenge (ECSC). Près de 1 200 candidats se sont affronté pendant 1 semaine dans l&rsquo;objectif de représenter la France pour la compétion européenne qui se déroulera à Bucarest.</p>
<blockquote>
<p>Près d’une quarantaine d’épreuves ont été mises en ligne pendant dix jours afin de tester les candidat(e)s, mais aussi les curieux et les curieuses, sur des domaines variés : le web, la cryptographie, reverse, forensic, etc.</p></description>
</item>
<item>
<title>colophon</title>
<link>https://2dai.github.io/about/colophon/</link>
<pubDate>Sat, 22 Aug 2015 06:28:26 -0700</pubDate>
<guid>https://2dai.github.io/about/colophon/</guid>
<description><p>This website is a personal homepage.</p>
<p>The site is built with <a target="_blank" rel="noopener" href="//gohugo.io">Hugo</a>—a static site generator made with Go. The website <a href="https://2dai.github.io/">source code</a> is available on GitHub. It uses the <a target="_blank" rel="noopener" href="//github.com/nishanths/cocoa-hugo-theme">cocoa</a> theme. The posts are written in Markdown.</p>
<p>The primary font face is Open Sans and the monospace font face is Ubuntu Mono. The social icons are from the Ionicons font set. CSS classes for code syntax highlighting are inserted during compile-time by Hugo using Pygments.</p></description>
</item>
</channel>
</rss>