Lightning talks

The LSE is back with new lightning talks after the pandemic interruption.

Every first Tuesday of the month (in theory), the LSE organises lightning talks. A lightning talk takes between 15 and 20 minutes and is a short perspective about a subject members have found interesting.


June 7, 2022

  • To cache or not to cache, making pkg_add faster (Marc Espie) slides video

    There are lots of factors for designing a package distribution system: reliability, footprint, and speed. As for footprint, the strategy has always been: grab as little as we can, and decide to update or not. We’ve long resisted adding caching, because it’s so easy to get out-of-whack, and also because this would require supplementary tools in the base system,leading to a chicken&egg problem. This talk is about the fairly low-tech approach to caching I finally tried, the “too good to be true” speed-up, and all the devillish details before it went into production.

  • Fixing hardware faults with software patches (Pierre-Emmanuel Patry) slides video

    Spectre and meltdown attacks are widely known exploits based on branch prediction mechanisms. Despite their wide media coverage, their internal behavior remains obscure for most people. We investigate the behavior of branch predictors to further understand such attacks and their scope. Finally we present a famous software mitigation technique and its impacts.

  • A look at exokernels, today (Léo Benito et Daniel Frédéric) slides video

    The exokernel operating system architecture, proposed in 1995, addresses the performance limits of traditional operating systems’ abstractions. It exports hardware resources allowing applications to use any abstraction through libraries. We will take a look at the exokernel design and how some operating systems’ abstractions evolved to reduce the performance limits.


April 5, 2022

  • Backdoor communications using mathematics and probabilistic primality tests (Martin Grenouilloux) slides

    Classic public key cryptography relies on the generation of large prime numbers. However, deterministic prime testing is untractable, so probabilistic tests are used instead. We investigate a class of pseudo-primes based on Carmichael numbers that fool common tests, and thus can be used adversarially to break crypto-systems, along with a comparatively newer probabilistic test that’s harder to fool.

  • Microkernel challenges (Daniel Frederic) slides

    Microkernel is a well-known kernel design combining modularity, minimalism, and robustness. Let’s introduce the key concepts of a microkernel, what makes it powerful and some design considerations. Let’s introduce the SeL4 kernel briefly, and present some research done about the Skybridge IPC.

  • Method of knowledge extraction applied to post-graduate computer science studies (Fabrice Boissier) slides

    Course material building is a difficult step in teaching as it requires combination of documents (extraction of main subjects and analysis of the order of chapters). CREA method aims at helping teachers by: 1) showing them relevancy of documents, and main topics to teach or explain 2) proposing sessions based on clusters of terms that are linked together in the existing documents 3) ordering those clusters of terms for presenting a complete syllabus. This method is still under development but show interesting results concerning the two first targets.


March 17, 2020

  • A weekend of CTF: the good, the bad, the ugly (Nicolas Manichon & Tanguy Dubroca)

    CTF competitions are organized by security enthusiasts to be engaging and put the players skills to the test. But what happens when the organisers do not respect the basic security guidelines for their infrastructure ? We will do a case study of a good and a bad ctf we played a few weeks ago.

  • Turning your e-cigarette into a handheld game console (Paul Poincignon)

    A closed-source firmware on an unknown hardware architecture can be a real pain to understand. We will see how we can circumvent these issues by doing (a lot of) guessing. Let’s take a deep dive into firmware reverse-engineering with an e-cigarette from eLeaf, the iKuu i200.

  • Detailed Overview of the U2F protocol (Cesar Belley)

    U2F is an open authentification standard used worldwide. It enables elying parties to offer a strong cryptographic 2nd factor for end user authentification. Let’s see how U2F fully works by designing it from scratch, one another time.


December 10, 2019

  • OpenBSD: Can I haz debug ? (Marc Espie) slides

    Compared to the base system, the OpenBSD package framework is huge, and takes hours and hours to build, thus leading to not so accurate bug-reports. However, including debug information everywhere by default is not an option, due to the sheer size of the files. During p2k19, Paul Irofti and I designed some glue to create debug packages in a more or less automated fashion. This is a story of agile development, as it took just a few days from the initial draft to V4 of the framework, and we can now produce debug packages for most relevant ports.

  • A quick look at authentication vulnerabilities in OpenBSD (Guillaume Pagnoux) slides

    Less than a week ago, four CVEs were published concerning authentication vulnerabilities in OpenBSD. Let’s take a look at how these work, and how they were fixed.

  • Through the SMM-Glass, And a vulnerability found there. (Bruno Pujos) slides

    In last August Lenovo silently patched a vulnerability in one of their firmwares. After a quick explanation about what SMM is and how it works, the vulnerability and its discovery will be explained. Finally how to exploit such a vulnerability and bypass the SMM_CODE_CHK_EN mitigation will be presented.

November 12, 2019

  • Classic gaming porn: the Game Boy (Gabriel Duque) slides

    We all grew up playing Game Boy! It’s incredible success launched the beginning of a new world: portable gaming. From it’s CPU to its pixel processing unit, lets go under the hood and check out how it really works!

  • Hiding data in PDF files (Victor Collod)

    Introducing pdfid, a tool for hiding small amounts of data in pdf files. It was designed to enable identifying publishers of confidential data.

October 15, 2019

  • Spawning kernel development environment: the pure way (Guillaume Pagnoux)

    The setup of a good, usable kernel development environment is a tedious task. It becomes very annoying when you want to develop on multiple machines. Let’s see how we can exploit NixOS capabilities to automate the creation of such an environment.

  • Unit Testing for Hardware Description Languages (Maxence Caron–Lasne) slides

    Unit testing should be a mandatory step in most of projects. Unit tests should be easy to write and easy to launch. Yet, writing unit tests for Hardware Description Languages (Verilog, VHDL, Migen…) can be quite cumbersome. Migen is a Python library for hardware description. We will see how to take advantage of the expressivity given by Python for generating test modules dynamically.

  • Goroutines demystified (Mathieu Nativel) slides

    The go standard implementation of concurrency lays on two main features: goroutines and channels. Let’s try focus on goroutines and to undertstand what make them attractive. In order to do so we’ll have to look on how they are implemented.

May 14, 2019

  • trish2, un algo de détection du plagiat (Victor Collod)

  • How an environment variable annoyed me for three months (Guillaume Pagnoux) slides

    A small, incomplete, could be wrong, story on how an environment variable caused a three months bug hunt, in an almost non-debugable environment.

  • Arbitrary tree differencing for code copy detection (Nicolas Manichon) slides

    Code copy has always been a security problem, with open source projects checking in code from one another, applying modifications and not being able to backport security fixes in a timely manner. I present a project that can perform code copy detection on a large number of files.

  • CTF: Two Noobs and a Plaid (Brendan Harley & Mathis Raguin) slides

    Let’s follow two young and innocent students on their way to solve the 2019 PlaidCTF’s challenges. On the menu: python, reverse engineering and docker archeology.

April 9th, 2019

  • KeraSH: A neural network toolkit written in shell (Jean-Adrien Ducastaing & Audran Doublet) slides

    A shell-based ML toolkit allowing you to train, evaluate neural networks and evolve your topology and hyper-parameters via AutoML-ish techniques.

  • From execution traces to binary reconstruction (Gabriel Duque) slides

    Obfuscated files often consist of complicated code that actually does something simple. Through execution trace capturing and binary reconstruction, we will see how it is possible to generate an executable file that has the same behaviour as the original file, but much simpler code.

March 12th, 2019

  • Accelerate Boolean Constraint Propagation for Boolean Satisfiability Solvers with FPGA (Maxence Caron-Lasne) slides

    Boolean Satisfiability (or SAT) problem is the problem of finding if a set of Boolean values that satisfies a given Boolean formula exists. SAT, even if it is the first problem proven NP-complete, is used in fields like circuit design and automatic theorem proving. The algorithm used to solve SAT problems is arborescent but the most time consuming operation used in it, the Boolean Constraint Propagation (BCP), is a good target for hardware acceleration. Based on the work of John D. Davis and Jason Thong, let’s explore two possible BCP co-processor designs on FPGA.

  • Sqlports, an adventure in sqlite (Marc Espie) slides

    This starts with an interesting use-case for sqlite, based on the need to collate metadata about 10000+ distinct ports on OpenBSD, an obvious use of relational database technology. However, designing a database schema for human consumption is tricky, between the desire of having human-readable views or table, and the need to have a sensible database schema with internal consistency. This is the tale of a pseudo ORM designed for human readability, as an exercise in futility, because “why not ?”

  • Userland NIC driver design on Linux (Guillaume Pagnoux) slides

    In my quest for a better understanding of computer networking, I tried making a switch using a userland NIC driver for ixgbe and virtIO network cards. Let’s take a look at how this driver is implemented, and the differences with an in-kernel one.

February 12th, 2019

  • Network stack in K (Tom Decrette) slides

    Once you finished K, you are a little bit confined by the possibilities. Let’s see how to add a network stack in your own kernel.

  • Bypassing SMM-EP (Bruno Pujos) slides

    Intel introduced a hardening mitigation for SMM called SMM_CODE_CHK_EN. This mitigation prevents a processor in SMM mode from executing code outside the protected memory defined for SMM, the same way than SMEP prevents the kernel to execute userland code. In this talk we will see how to bypass it in a non-firmware-dependent way.

  • Trying to design a simple yet efficient L1 cache (Jean-François Nguyen) slides

    Minerva is a recently released 32-bit RISC-V soft processor implemented with nMigen. This talk will provide a tour of its L1 cache infrastructure with a focus on its approach to reduce miss penalties efficiently while trying to keep its ressource usage adequate for embedded use cases.


December 11th, 2018

  • Writing a hypervisor - Part 2 (Thomas Bitzberger)

  • Séance de question-réponses sur le sujet de recrutement (Gabriel Laskar)

November 13th, 2018

  • Writing a hypervisor - Part 1 (Thomas Bitzberger)

    Let’s go through the first steps of coding a x86_64 hypervisor. During this first part, we’ll see how to use Intel virtualization extensions and how to launch a very simple guest.

  • TCP, fonctionnement et implémentation (Victor Collod)

    TCP est peut-être le protocole le plus important d’internet, en tant que moyen le plus commun d’obtenir un canal de communication fiable. Parlons un peu de son fonctionnement et de son implémentation.

October 9th, 2018

  • Il ne faut pas toujours croire les spécialistes (Sebastien Larinier)

    En lisant un article de FireEye, les chercheurs détaillent qu’une nouvelle backdoor est uniquement dans l’overlay du première exécutable de la chaîne d’infection. Après quelques tests, il s’avère que c’est un peu plus compliqué. On a donc sorti le debugger et un desassembleur pour réellement comprendre ce qui passe.

  • zeroconf, où comment on peut survivre sans serveur dhcp (Chewie) slides

  • How to waste time during summer (Clementine Hayat and Alexandre Majed)

June 12th, 2018

  • Text classification models based on Deep Learning (Antoine Sainson) slides

    Text classification is one of the main tasks in natural language processing. Let’s see how we can use CNNs and RNNs to classify french tweets.

  • iSCSI and Libvirt (Clementine Hayat)

    iSCSI protocol is famously used for block storage over TCP. Let’s see how the current libvirt implementation allows us to use iSCSI blocks for VM storage, and how we can improve it.

  • Edit and continue in GDB (Alexandre Bernard)

    Debugging is an everyday game to many developers. Stop, recompile and restart the debugging session are three annoying steps. Let’s see if we can get rid of it in gdb and apply code changes while our program is in break mode.

April 10th, 2018

  • Les canaux subliminaux dans DSA (Marin Hannache) slides

    Comment détourner l’algorithme de signature DSA pour y faire apparaître des canaux subliminaux. C’est à dire un moyen de communiquer via des signatures en apparence anodines. Quelles contre-mesures sont envisageables et quelles sont leurs limites ?

  • How to catch cheaters ? (Paul Semel)

    Sometimes we want to avoid people from calling some shared libraries functions. Let’s play with dynamic binary instrumentation to see whether we can achieve this correctly !

  • The iPXE object model (Victor Collod)

    In order to achieve high reliability and flexibility, iPXE implements an object layer inspired by flow-based programming, in C.

March 13th, 2018

  • Great expectations for HTTPS (Marc Espie)

    Package updates on OpenBSD are done over HTTP usually. The authenticity of packages is already ensured at the application level.
    Is moving to HTTPS desireable ?
    Putting all the pieces together leads to surprising challenges and discoveries.

  • Dumping C/C++ structures, the return ! (Paul Semel)

    C/C++ programmers often need to dump the content of their structures. As one can’t have structures information at runtime, it’s not possible to write a generic structure pretty printer.
    The first attempt we made consisted of reading debugging information located in the ELF file; this was not a good idea. Hopefuly, those information are known at compile time, so let’s implement a CLang structure pretty printing built-in.

  • VirGL on Windows: Part 2 (Nathan Gauër)

    Last year began my journey in the grateful universe of graphic drivers on Windows. This year, the goals have been updated. Let’s see how we can tackle a correct ICD implementation using Angle

February 13th, 2018

  • Malware comparison with frequency analysis (Gabriel Duque) slides

    A simple approach for information extraction in object code. Also an overview of the issues encountered while automating and scaling this process for a 2Tb malware database.

  • Windows Hello World (Thomas Bitzberger) slides

    To learn more about Windows and the PE format, let’s see how we can do the exercice of calling the ‘printf’ function by manually resolving it’s address at runtime.

  • Playing with Clang’s Static analyzer (Paul Semel)

    During this talk, I will present the Clang’s static analyzer tool, by implementing an undefined behavior checker.


December 12th, 2017

  • Speaker Recognition: Basic Concepts (Réda Dehak)

    Speaker recognition is the process of recognizing automatically who is speaking in a speech audio file. This allows to use people voices as an authentication mechanism. We deal with different statistical machine learning methods to solve this problem. We will present the principal statistical machine learning methods used in our recognition system which was submitted to NIST-SRE 2016 evaluation campaign.

  • 512 bytes to boot (Pierre Marsais) slides

    Let’s implement a minimal Multiboot x86 BIOS bootloader.

November 14th, 2017

  • A gentle introduction to TCP/IP (Gabriel Laskar)

    An introduction course on how Internet and TCP/IP works.

  • Better signal handling with Clang (Alpha Abdoulaye) slides

    Let’s try to improve the detection of common programming errors specific to signal handlers and fix them by patching Clang.

  • CPU exception and interrupt mechanisms (Jean-François Nguyen

    Exceptions and interrupts are unexpected events that disrupt the normal flow of instruction execution. This talk will cover their implementation on our own CPU design.

October 10th, 2017

  • My RC car just got itself a CAN Bus (Stanislas Lejay) slides

    Car hacking is one of these difficult-to-reach kind of field, often because nobody wants to break their own car trying to make the headlights flash. So, how can one offer a cheap approach to car and CAN hacking ? Here is a new episode from the “give the impression you are working when you are in fact having fun” series.

  • Designing a homebrew RISC CPU (Jean-François Nguyen)

    CPU design does not have to be the realm of voodoo rituals and Fortune 500 companies. We’re living great times where any nerd can just go out and build their own microarchitecture. Let’s see how!

April 11th, 2017

  • Linux and GPU : The frame and the pain (Nathan Gauër) slides

    Let’s go under the hood of an OpenGL application! See how we can spit some pixels out of Mesa and put them on our screen.

  • Backdooring Linux (Thomas Bitzberger) slides

    Backdooring an operating system is quite an art. Let’s see how to implement a very simple one under Linux. We’ll take a look at the sys_call_table, search through the kernel memory and modify it.

  • Extending qemu/gdb for machine debugging (Gabriel Laskar)

    Let’s extend qemu for proper low level debugging on x86!

March 13th, 2017

  • Runtime handling for thread local storage (Alpha Abdoulaye)

    A quick overview of the runtime handling of thread-specific data in ELF objects.

  • Playing with Mach-O and DYLD (Stanislas Lejay)

    Let’s take a look at macOS’s binary format and see how one can call any function by journeying from structures to internal memory.

  • Trap your friends with TCP! (Philemon Gardet) (slides not available)

    Look at some fun and expensive hardware to play with the TCP transport layer and make some pranks.


December 13th, 2016

  • C++ internals (Francis Visoiu Mistrih)

    Quick look inside the implementation of high-level constructions in C++, such as name mangling, inheritance, virtual, etc. based on the Itanium C++ ABI.

  • Malware deobfuscation by program synthesis (Kevin Tavukciyan)

    During this talk, we’ll see how, using program synthesis, we can deobfuscate binaries in an “automated” way, without dynamic analysis. We’ll also see how to synthesize formal specifications of the x86_64 mnemonics, which are needed to get proper deobfuscation.

  • Introduction to abstract interpretation (Marc Chevalier)

    An introduction to abstract interpretation or how to statically prove semantic properties on programs.

November, 8th 2016

  • Write yourself a toolchain using LLVM (Francis Visoiu Mistrih)

    During this talk, we’ll see how to set up a fully functional toolchain for a new architecture using the LLVM Compiler Infrastructure. From Clang, going through the core of LLVM, up to LLD, we’ll try to add support for a new target: J Core 2, which is the open source version of Hitachi’s SuperH 2.

  • Lockdep, an inside out perspective (Nahim El Atmani)

    Quick dive into the linux kernel lock validator a.k.a lockdep.

  • A peek into asynchronous processor design (Philémon Gardet)

    In the domain of the logic circuit programming, synchronous systems and their dependency to a ‘clock’ signal are a common pattern. What could happen if such signal did not exist ? This assumed constraint is the opportunity to expose some concepts like a simple asynchronous circuit design, some handshaking data transmission protocols and their implementation or even asynchronous pipelines.

October, 11th 2016

  • Debug code the hard way (Gabriel Laskar)

    A brief introduction to Linux debugging APIs

  • Write yourself a JIT brainfuck compiler (Jean-François Nguyen)

    Some ING1 students had to write a toy brainfuck compiler during their first week at EPITA. Let’s have fun and rewrite it using JIT (Just-In-Time) compilation!

  • There and back again, how we fixed packages signatures before they were truely broken (Marc Espie)

    Signing the inside of a package is not so secure, as you depend on your unpacking tools being bug-free. Moving the signature outside involved some redesign to allow just-in-time checking, and quite a few changes inside the tools involved. This code went from proof-of-concept to full scale deployment in about a month.

May, 10th 2016

  • Hotplug on linux (Gabriel Laskar)

    A survey of the linux hotplug system.

  • PXE boot on PIE (Nicolas Géniteau)

    How to boot hundreds of diskless computers for EPITA.

  • GCC as a dead simple cryptosystem obfuscator (Nahim El Atmani)

    While compiling, GCC plays a lot with intermediate representations to get optimal code after multiple optimization and reduction passes. These mechanisms can serve for weird code modifications too, and this talk is just an example of one of them. We’ll focus on a simple, yet effective way of hiding a cryptosystem.

April, 12th 2016

  • How-to fail porting a motherboard to coreboot (Vincent Gatine)

    This talk will be the post-mortem of an attempt to port a (not-so) new x86 motherboard to the foss firmware project coreboot.

  • SecuROM v4 (Adrien Garin)

    SecuROM v4 is an old DRM and copy protection used by video games. How effective is it ?

March, 8th 2016

  • LSE discount on Canadian’s transportation travel fares (Nahim El Atmani)

    After a quick reminder on contactless cards technologies we’ll see how one can subvert daily passes in order to get a special 70% LSE discount. Happy black friday folks!

  • Cheating online in Age of Mythology (Adrien Garin)

    Age of Mythology released in 2002 is still playable online on the Voobly platform. We will see how to patch the game memory to disable entirely the fog of war and how to bypass the anticheat detection module of Voobly.

  • CVE-2016-0728 vs Real World (Matthieu Tardy)

    CVE-2016-0728 has made some headlines in the security world for being a relatively easy to exploit Linux local privilege escalation vulnerability. We will see a teardown of this vulnerability and an estimation of its real impact.

9th February 2016

  • PFE Report: first steps in porting Stos on Intel Galileo (Zackary Ayoun)

    Implementation of an EFI bootloader Overview of the new device interface of Stos

  • 16-bit DOS executable execution on the LSE-PC (Antoine Froger)

    An overview of the changes made to the LSE-PC software architecture in order to be able to execute 16-bit DOS executables.

  • Introduction to Reversing DXE drivers (Bruno Pujos)

    Most of the x86 computer firmware today follow the UEFI specification. The DXE drivers are one of the most important part of the boot and reversing them is a key step for understanding your BIOS.


8th December 2015

  • Introduction to SAT and SMT solvers (Zoé Delduc)

    From SAT to SMT solvers, a theorical overview of their algotrithm and some praticals examples using Z3.

  • GreHack 2015: writeups (LSE team)

    Grehack is a security conference hosted in Grenoble. Their 3rd session was on November 15th, 2015. We will present writeups for some ctf challenges.

10th November 2015

  • Pledge: a new mitigation technology in OpenBSD (Marc Espie) slides

    there’s a bleeding edge new system call in OpenBSD: pledge. It’s used to limit what a given process can do. There are some major usage differences to some prior technologies that should make it more effective. The most prominent comes from OpenBSD’s basic motto, namely that security measures should be on by default and driven by experience. I will give a small state-of-the-art presentation about how far we’ve come understanding what pledge can do for us, in terms of simplicity and efficacy.

  • How to run unsigned kernel driver on Windows x64 (Nassim Eddequiouaq & Adrien Garin)

    By default, 64-bit versions of Windows (starting from Vista) will only load signed kernel-mode drivers. Thanks to a vulnerable version of a signed VirtualBox kernel driver, we will see how to gain ring0 code execution and how to disable DSE to finally run our unsigned drivers without enabling debug mode or changing Windows boot options.

  • Designing a flexible on-chip debugger for the LSE-PC (Pierre Surply)

    Tracing execution on the LSE-PC used to be achieved by manually analysing 80386SX CPU signals. This talk will present an implemented solution to provide a efficient on-chip debug by automating and scripting bus controller operations.

13th October 2015

  • Hacking a Sega Whitestar Pinball: Focusing on the audio board (Pierre Surply)

    A reverse engineering of a BSMT2000 DSP used on the audio circuit of an old-school pinball.

  • Software programming on the LSE-PC (Antoine Froger)

    After the multiple presentations on the LSE-PC architecture and hardware, this talk will focus on the tools used to program on the LSE-PC and the complexity to code and debug on a board based on an Intel 80386SX processor conceived in 1985.

  • Tasks, multithreading and early scheduling setup in stos (Louis Feuvrier & Fabien Goncalves)

    Our recent work to introduce userland threads in stos. From scheduling issues to jumping from a single execution thread to a full-blown scheduled environment, we will cover early task handling in stos.

14th April 2015

  • PS/2 Archeology (Gabriel Laskar)

    Let’s look at mouses, keyboards, and their protocols.

  • Understanding the PCI Passthrough (Nassim Eddequiouaq)

    An overview of the way PCI passthrough works, with an emphasis on network devices and the features provided by the Intel VT-d.

10th March 2015

  • Discovery of Ltrace On Steroid (Nahim El Atmani)

    LOSt is a dynamic binary analysis tool currently in early development phase in the Lab. It aims at tracing internal function calls of an unknown binary. Working closely with IDA and PIN, LOSt brings evolutive reports throughout the reversing phase. This talk will present the goal and the motivation of making such a tool.

  • Linux live patching (Adrien Schildknecht)

    Linux 4.0 introduces a first draft of a live patching API. Patching a running kernel is subject to many race conditions and constraints. We will study the different approaches and their limitations.

  • Testing the 8259A Soviet clone (Pierre Surply)

    Manufactured in USSR during the 80s, the KP580 family of n-MOS integrated circuits aimed to imitate the behaviour of the Intel chips used in the IBM-PC. We will focus on the Programmable Interrupt Controller to see if those components actually follow the Intel former design.

  • Two practical examples of obsolescence in electronic and software design, and easy fix (Jacques Laskar)

    HP 54601A is a 4 channels 100 Mhz oscilloscope from 1990 with digital storage capabilities. Although it should have been able to survive many decades, it has been plagued with various electronic and software design features that make it totally useless at present. By chance there are some easy fix.

10th Febuary 2015

  • Decoding evdev ioctls for strace (Etienne Gemsa)

    Strace, a debug tool, displays system calls of a program, some are not clearly displayed, in particular ioctls of evdev drivers. This talk will describe works on decoding of evdev ioctls in strace.

  • BIOS patching for fun and profit (Vincent Gatine)

    Many PC vendors lock processors features within BIOS to create market segments. Let’s see if we can hack our way through the BIOS to get our hands on some cool features.

  • Containers and systemd: systemd-nspawn (Rémi Audebert)

    systemd-nspawn is simple and versatile container manager built on top of Linux namespaces. Booting full Linux distributions is trivial, and tight integration with systemd makes it a very powerful tool.

13th January 2015

  • Elf : Tips & Tricks (Gabriel Laskar)

    A brief tour of some tricks that are commonly used in kernel development.

  • DNSSEC and zone walking (Paul Hervot)

    A presentation of the DNSSEC extension of DNS, the issue it introduced regarding zone enumeration and existing solutions.

  • Bitcoin on FPGA (Bruno Pujos)

    Making of a bitcoin calculator in hardware: bitcoin principle, SHA-256 and its implementation on FPGA.


9th December 2014

  • Having fun with Parallax Propeller (Pierre Surply)

    An introduction to the peculiar design of a 32-bit multi-core microcontroller.

  • Investigating sensors support in a tablet (Fabien Goncalves)

    Presenting my journey trying to add support for a sensor in a tablet running archlinux.

  • On some physical attacks of RSA (Robert Erra)

    RSA is (probably) a secure algorithm but when it is used naively on some embedded system like smartcards, RSA can be attacked physicallly. We will show how this is possible and will present some known attacks.

  • UEFI: How does that actually boot ? (Gabriel Laskar)

    An exploration and comparison of BIOS versus UEFI boot process.

  • Simulating a serial device with Linux and Python (Rémi Audebert)

    How-to create a fake serial device and use Python idioms to emulate it.

12th November

  • Linux sandboxing (Gabriel Laskar)

    An overview of the available kernel APIs that can be used in order to control and limit the effect of untrusted code.

  • CVE-2014-4114 (Bruno Pujos)

    A study of the Sandworm vulnerability in powerpoint.

  • Trusted Platform Module (Jérémy Lefaure)

    Discovery of this hardware cryptographic component, used among other things to set-up a trusted environment.

  • Learn D the hard way (by writing a kernel) (Nassim Eddequiouaq)

    A small dive into D language’s system features and runtime mechanisms through kernel programming.

14th October

  • Go Reverse (Bruno Pujos)

    First steps in reverse engineering a golang binary.

  • Hacking a Sega pinball (Pierre Surply)

    How to reverse an old school pinball machine in order to modify it and execute our own code: A guided tour through the electronic design of an uncommon and discontinued machine.

  • Understanding Python by breaking it (Clément Rouault)

    The goal of this talk is to abuse the logic of the Python interpreter using the ctypes module. With that we will be able to expose some of the CPython internals from Python itself.

10th June

  • Branch Tracing on x86 (Gabriel Laskar)

    An overview of the x86 CPU’s features that allow the user to trace and debug code without binary modification.

  • Nanomites, a funny anti-debugging technique (Nassim Eddequiouaq)

    An overview of the way Nanomites are implemented and work.

  • TI84+ Bare-metal Programming (Pierre Surply)

    A guided tour through Z80 based Texas Instruments’s graphing calculators and how to program it without any operating system.

13th May

  • Heartbleed, technical overview (Bruno Pujos)

    An explanation of the Heartbeat extension and how the Heartbleed bug is working, what kind of information can leak from it, and why it has not been found earlier.

  • Anti-Virtual Machine Techniques (Pierre Rovis)

    An overview of some of the techniques being used by malwares to recognize virtual machine environments, how they work and what they are detecting.

1st April

  • Portable Executable: Overview of the executables files on Windows (Jérémy Lefaure)

  • A first peek at asymmetric cryptography: The RSA cryptosystem (Fabien Goncalves)

  • Introduction to Register Transfer Level: a simple way to design synchronous digital circuits (Pierre Surply)

  • Analysing unknown data with python (Rémi Audebert)

  • The Hell of CPU debugging (Franck Michea)

4th March

  • Malloc Internals (Bruno Pujos)

  • vsyscall/vDSO (Adrien Schildknecht)

  • Qemu integrated testing: liqtest / libqos (Nassim Eddequiouaq)

11th February

  • Introduction to TI PRUSS (Pierre Surply)

  • PS/2 Archeology (Gabriel Laskar)

  • IDAPython walkthrough (Bruno Pujos)