Corsac
Corsac (@corsac)
2025-06-25

@zhenech yeah right! but in due time! I sure hope the X201s will see Forky

Corsac (@corsac)
2025-06-24

@zhenech my X201s runs Bookworm so not yet, and my X250 is temporarily down since my migration to X13G5, but yeah, I feel seen.

Corsac (@corsac)
2025-06-22

So, who was in the @signalapp group where the strikes were planned this time?

Corsac (@corsac)
2025-06-20

ANSSI publishes new recommendations on .

The main objective of the Zero Trust model is to reduce the implicit trust granted to a subject wishing to access the information system ().

cyber.gouv.fr/publications/ess

Corsac (@corsac)
2025-06-20
Corsac boosted:
Sovereign Tech Agency (@sovtechfund)
2025-06-20

Day 4 of UN Open Source Week – It's DPI Day!

Today’s focus: * and its crucial role in sustainable development. This day brings together governments, organizations, institutions, and other actors to coordinate, share insights, and promote effective strategies for creating digital infrastructure for all.

(1/3)

Trusteeship Council at UN Headquarter
Corsac (@corsac)
2025-06-17

@adulau it’s actually a small trend I think (at least I’ve advertised it at $work and around quite a few times): finding vulnerabilities can be valuable and a good contribution, but if the maintainer can’t (for whatever reason) fix them, it’s kind of useless. We really need something *after* that: contributions for fixing code (in a way acceptable upstream). This is not a job for security researchers though (who usually don’t have good reasons to be good developers).

Corsac boosted:
Solution Hackeuse (@ajabep@infosec.exchange)
2025-06-17

So, a bit late, but a TL;DR of the #sstic2025 :D

#sstic

Kube scale me one more time – TL;DR:

(The demo is made on GCP, but it can affect other cloud providers such as AWS' EKS.)

The issue comes from:
- the creds of a deleted Node are still valid
- a node, when created, can provide its own providerID.

Thus, by using the autoscaling functions, it’s possible to priv esc from a machine (actually just having kubelet creds) to the admin of the K8S cluster.

sstic.org/2025/presentation/ku

github.com/padok-team/kne

——

Argo CD secret - TL;DR

Using misconfiguration of secrets, you can become an admin of the ArgoCD cluster.

Please review who can view the argocd-secret. Make sure only the Argo CD UI can access them. Disable the local admin if not needed.

ledger.com/argo-cd-security-mi

sstic.org/media/SSTIC2025/SSTI

——

All the ways are going to DROP; TL;DR:

About BT Mesh 1.1, a really recent protocol. Any attacker in the mesh can create a fake route rule (in the forward table). This could remove some nodes from the network or intercept the communications between two nodes.

[FR] sstic.org/2025/presentation/to

———

We Have A Deal: we provide the lego bricks, you build cool wireless attacks; TL;DR:

This talk is about why and how WHAD (a toolkit to implement radio attacks; whad.io) is made in a modular way, where each action is a brick that you link to the others.

whad.io

github.com/whad-team

———

Key recovery in ; TL;DR:

This famous MCU is composed of 2 cores: one for the user mode, the other for the radio. The radio firmware is encrypted and signed with an internal PKI. This core is also responsible for ingesting some AES keys for encryption (as a security computation unit, as a TPM or an HSM).

By using a race condition, we can dump and even rewrite the radio firmware from the user core.

Some days before the talk, they pushed a new firmware with a new update mechanism. It’s easier to bypass the update verification.

blog.xilokar.info/stm32wb55-fu

———

afl-cov-fast; TL;DR:

It’s a tool to create coverage information from AFL++ when we don’t have sources. It works for every runner (qemu, Frida, etc.) and the coverage data can be loaded in any reverse tool (via plugins).

github.com/airbus-seclab/afl-c

———

Pyrrha & friends; TL;DR:

Tool to increase the productivity in the reconnaissance phase of a file-based firmware (currently only executables). It gives usage data of the binaries and functions across the system.

github.com/quarkslab/pyrrha

———

Pwn a car entertainment system in 5 mins ; TL;DR:

Pentest of an entertainment system embedded in a used car that can be found in the wild. These cars are the FR state cars. The pentest is performed by an attacker being outside the car and without user interaction.
The rooting of the system has been realized by exploiting an old vulnerability in a totally different way than provided in the small disclosed details of the CVE.
The rooting of this system can result in the sending of CAN commands.

[FR] sstic.org/media/SSTIC2025/SSTI

———

ID of MCU firmware; TL;DR:

How the file/libmagic db has been improved to identify the firmware of an MCU. Pushed in the upstream db of the file/libmagic.
Also, to know the exact chip targeted by the firmware, the chiprec.py script has been created.

github.com/erdnaxe/chiprec

—————————

Eurydice; TL;DR:

Web UI, solving a lot of issues regarding the file transfers to a classified environment via a network diode.

Only useful when you got a network diode :D

github.com/ANSSI-FR/eurydice

——————

WireGo; TL;DR:

A flexible plugin development framework for Wireshark. It has been created to develop a Wireshark dissector plugin faster when reversing a protocol.

github.com/quarkslab/wirego

———

APKPatcher; TL;DR:

Tool to quickly and reliably patch APK, add proxies and certificates, libraries, and much more.

NB: not apk-patcher, but apkpatcher (no dash)

apkpatcher.ci-yow.com/

gitlab.com/MadSquirrels/mobile

———

hrtng; TL;DR:

IDA Pro plugin to automate some recurring tasks when reversing (incl. vtables!)

github.com/KasperskyLab/hrtng

———

Windows Kernel Shadow Stack; TL;DR:

Analyze the implementation of the shadow stack in the Windows kernel.

It uses HVCI-like protection to render the shadow stack really read-only for the kernel and read-write in the secure kernel. It is quite effective. This protects against ROP, but, of course, not against JOP.

sstic.org/media/SSTIC2025/SSTI

github.com/synacktiv/windows_k

synacktiv.com/sites/default/fi

———

Windows network tooling; TL;DR:

Tool with Scapy to implement a secure and modern implementation of LDAP, DCE/RPC, and SMB. In a nutshell, like impacket, but with the modern Windows security, every SSP everywhere. So it does not fail each time we meet a secure configuration of a Windows env.
Merged into Scapy, except the DCE/RPC compiler, which is in another project: github.com/gpotter2/scapy-rpc

github.com/secdev/scapy

github.com/gpotter2/scapy-rpc

———

Mofos; TL;DR:

VM management, as Qubes OS, but with KVM/LibVirt

github.com/Synacktiv/mofos

———

Analysis of MS365 auth; TL;DR:

Deep analysis of the MS365 OAuth to try to LPE without the user noticing.

sstic.org/media/SSTIC2025/SSTI

———

Feedback of PQC pentest; TL;DR:

Small feedback on how some parts of PQC work and how to pentest them.

To learn more, check the blog post of Synacktiv

[FR] sstic.org/2025/presentation/re

———

Quic; TL;DR:

There are some default implementations of the QUIC protocol, e.g., some values that should be truly random but are not random.

[FR] sstic.org/media/SSTIC2025/SSTI

———

Soxy; TL;DR:

A reliable solution to forward network, files, copy-paste, etc. for RDP, Citrix, VMware Horizon, and XRDP. To transfer the soxy client, a solution has also been created.

github.com/airbus-seclab/soxy

———

UDP in proxychains and bbs; TL;DR:

How they implemented UDP in proxychains and some of its limitations. (A lot of error management is not implemented (yet))
BBS is like proxychains, but with routing, logging, and filtering. No UDP yet.

github.com/hc-syn/proxychains-

github.com/synacktiv/bbs

———

SCCMSecret.py; TL;DR:

Test the SCCM access (including anonymous access) and extract files and configurations.

github.com/synacktiv/SCCMSecre

———

What happens if I press here; TL;DR:

Feedback of pentesting industrial things

[FR] sstic.org/2025/presentation/re

———

Random Factory reset; TL;DR:

There is a low (11 ppm here) but real risk of a conflict in the ACPI access in read only. Take care when dumping the configuration (including sysctl -a)!

[FR] sstic.org/2025/presentation/in

———

Explainable AI in malware analysis; TL;DR:

Use the MalConv2 model to determine which function is malevolent or not, tracking off the biases. Dataset to complete.

Currently improving this model based on the capabilities (using mandiant CAPA)

github.com/glimps-re/xai-malco

github.com/FutureComputing4AI/

github.com/mandiant/capa

sstic.org/media/SSTIC2025/SSTI
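
For the "Argo CD secret" item in the post above, which asks to review who can view the argocd-secret: an added example, not part of the original post or of any project it links, that lists every RBAC subject able to read one named Secret. The namespace `argocd` and all role, binding and subject names are constructed for illustration.

```python
# Added example: list RBAC subjects that can read one named Secret.
# Assumptions: namespace "argocd"; all roles/bindings below are constructed.
READ_VERBS = {"get", "list", "watch", "*"}

def rule_reads_secret(rule, secret_name):
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    names = rule.get("resourceNames", [])  # empty means "every secret"
    return (("" in groups or "*" in groups)
            and ("secrets" in resources or "*" in resources)
            and bool(READ_VERBS & set(rule.get("verbs", [])))
            and (not names or secret_name in names))

def readers(roles, bindings, namespace, secret_name):
    """Return sorted 'Kind:name' subjects able to read the secret."""
    granting = {(r["kind"], r["metadata"].get("namespace"), r["metadata"]["name"])
                for r in roles
                if any(rule_reads_secret(x, secret_name) for x in r["rules"])}
    found = set()
    for b in bindings:
        ref = b["roleRef"]
        if b["kind"] == "RoleBinding" and b["metadata"]["namespace"] != namespace:
            continue  # binding applies to another namespace
        # A Role is looked up in the namespace; a ClusterRole has none.
        role_ns = namespace if ref["kind"] == "Role" else None
        if (ref["kind"], role_ns, ref["name"]) in granting:
            found.update(f'{s["kind"]}:{s["name"]}' for s in b["subjects"])
    return sorted(found)

ROLES = [  # constructed sample objects, trimmed to the fields used here
    {"kind": "Role", "metadata": {"namespace": "argocd", "name": "server"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "view-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["list"]}]},
    {"kind": "Role", "metadata": {"namespace": "argocd", "name": "tls-only"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"],
                "resourceNames": ["repo-tls"]}]},
]
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"namespace": "argocd", "name": "b1"},
     "roleRef": {"kind": "Role", "name": "server"},
     "subjects": [{"kind": "ServiceAccount", "name": "argocd-server"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "b2"},
     "roleRef": {"kind": "ClusterRole", "name": "view-all"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
    {"kind": "RoleBinding", "metadata": {"namespace": "argocd", "name": "b3"},
     "roleRef": {"kind": "Role", "name": "tls-only"},
     "subjects": [{"kind": "User", "name": "cert-bot"}]},
]
if __name__ == "__main__":
    print(readers(ROLES, BINDINGS, "argocd", "argocd-secret"))
```

In the sample, the cluster-wide `view-all` binding is the finding: it exposes the secret to a whole group, while the `resourceNames`-scoped role does not. Aggregated ClusterRoles are not resolved here.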

Corsac boosted:
Meredith Whittaker (@Mer__edith@mastodon.world)
2025-06-17

Use Signal. We promise, no AI clutter, and no surveillance ads, whatever the rest of the industry does. <3

Image of a screenshot of news headline, saying, "WhatsApp is getting ads using personal data from Instagram and Facebook
Forced Consent & Consent Bypass
 / 
16 June 2025
Meta announced today that it also wants to introduce ads on WhatsApp, which will be based on personal data from Facebook and Instagram. This further integrates WhatsApp into other Meta services - an originally independent app, which initially was available for just $1 per year without ads or data usage. This also means that Meta is consolidating its social networking monopoly. EU law was actually supposed to prevent this."
Corsac boosted:
Éric Freyssinet (@ericfreyss)
2025-06-17

The Cour des comptes publishes its report on the State's response to cyber threats against civilian information systems

“Faced with growing , the national strategy to combat defined at the end of 2024 must be implemented with adequate resources, strengthened interministerial governance and the promotion of a culture, the Court stresses.”

ccomptes.fr/fr/publications/la

@cyberfr

report on the State's response to cyber threats against civilian information systems
Corsac (@corsac)
2025-06-15

@cvvhrn With AN/ASG-34A(V)1 IRST pod?

Corsac (@corsac)
2025-06-12

@egorshkorov the two-seat one is the Foxtrot though :)

Corsac (@corsac)
2025-06-10

@zhenech we had Brother printers

Corsac boosted:
Sovereign Tech Agency (@sovtechfund)
2025-06-10

Bringing our mission of securing open digital infrastructure to the UN 🇺🇳🗽

The Sovereign Tech Agency will be in NYC next week for UN Open Source Week, hosted by the United Nations Office for Digital and Emerging Technologies and the United Nations Office of Information and Communications Technology.

Co-Initiator and CEO of the Sovereign Tech Agency Adriana Groh will speak at the panel "The Role of Open Source in Digital Public Infrastructure" on June 18th, as part of OSPOs for Good.

(1/3)

Adriana Groh will be speaking at UN Open Source Week | OSPOs for Good at UN Headquarters, in New York
Corsac boosted:
Comité pour la science ouverte (@ouvrirlascience@social.numerique.gouv.fr)
2025-06-07

New date: you can apply for the 2025 #scienceouverte awards for free research software until 23 June 2025!
ouvrirlascience.fr/les-candida

applications for the 2025 open science award for free research software
Corsac boosted:
2025-06-06

SSTIC is over! A huge thank you to all the speakers: the conference is above all about you, all we do is build a setting around you.

Thanks also to everyone who dared to submit their work; without that there would be no selection and no conference. Thanks as well to the designers of the challenge (and to the challengers!)

Thanks to the members of the programme committee who reviewed, commented on and discussed the papers.

Thanks to the various venues that host us (Couvent des Jacobins, Halle Martenot, Halle de la Courrouze), and to the people who run and animate them. Thanks also to the people who feed us (and keep us in drinks) during these three days.

Finally, thanks to the whole audience who turn out in numbers to come and watch and listen to the conference (as well as those who follow remotely). Your presence and your support year after year warm our hearts.

Thanks to the whole community, safe travels home and see you next year!

#sstic #sstic2025

Corsac boosted:
Sovereign Tech Agency (@sovtechfund)
2025-06-05

We’re excited to share that Adriana Groh will speak at Capital Series Poland on 11 June 2025 in Warsaw.

Organized by @OpenForumEurope under the Polish EU Council Presidency, this high-level event brings open source policy discussions to Warsaw, focusing on digitalization, cybersecurity, digital sovereignty, AI, and more.

Adriana will join Astor Nummelin Carlberg for a session on "Europe and software security", highlighting the EU’s role in sustaining critical open source infrastructure. (1/2)

Session overview "Europe and Software Security" with Adriana Groh and Astor Nummelin Carlberg
Corsac boosted:

⚠️ CERT-FR Alert ⚠️
A critical vulnerability has been discovered in the Roundcube webmail portal. It allows an authenticated user to execute arbitrary code remotely.

cert.ssi.gouv.fr/alerte/CERTFR

Corsac boosted:
2025-06-05

The PDF of the proceedings (collection of papers) is online: actes.sstic.org/SSTIC25/sstic-

#sstic #sstic2025
