Blog

Harvesting PGP secret keys from poorly secured Thunderbird instance

Pentesting Teaching

If you're privacy-conscious (which is great!) and have set up Thunderbird to use PGP for signing and encrypting your emails, you’ve likely taken important steps to ensure that no third party, including your email provider, can access your private communications. You probably followed an online tutorial to get it set up—but have you enabled a primary password?

Read
A brief overview of passkey

Teaching Phishing

You may have come across terms like "passkeys" or the intriguing idea of going "passwordless." These concepts might sound confusing, especially since we're all so used to securing everything with passwords—and constantly reminded of the importance of having strong ones. So, how could a world without passwords possibly be secure? In this blog post, we’ll explore this new method of authentication and break down how it works in a simple, easy-to-understand way. We won’t dive into the technical details, but you’ll get a clear overview of what passkeys are and how they can change the way we stay secure online.

Read
[geth] Developer mode

Blockchain Ethereum

If you have already played with geth, you probably have already noticed the --dev option. This option is very handy when you want to quickly start a node to test something. However, you might have found that the developer account which is automatically set is a random account. This randomness can be annoying when trying to automate some testing tasks. The good news is that there is a way to set this developer account. That's what will be explained in this small blog post.

Read
Webinar RMA

Blockchain APT Detection

A few weeks ago, we had the opportunity to present a short webinar on two topics currently under research in our department:

Read
IPFS-API: a go IPFS RPC API client

Blockchain golang

If you have already done some research on web3 and decentralization, you have probably stumbled on the InterPlanetary File System (IPFS). However, if you wanted to use the API provided by IPFS in one of your Go programs, you probably went crazy trying to understand how to use it, only to finally realize that the documentation is not even up to date and refers to a deprecated library. The IPFS-API module tries to fill this gap and provides a basic yet simple-to-use package to interact with an IPFS RPC API endpoint.

Read
Analyse of a crypto scam

Blockchain Ethereum

If you have ever connected to a Discord server related to Ethereum (geth, ethereum.org), you probably noticed that, despite the very useful information given about the technology, those servers are unfortunately also full of scammers... Let's have a look at one of them and analyze the scam it proposes.

Read
Solidity: ABI encoding explained

Blockchain Ethereum Smart Contract

If you have ever been curious about how Ethereum smart contracts work under the hood, or even participated in a CTF where you had to exploit some weakness in a smart contract, you probably stumbled upon the Solidity ABI encoding page. Even though this is the reference document, it can look a bit difficult to understand and is not easily readable, although the encoding itself is not really difficult. Let's review how the encoding works with the help of a few examples.

Read
Install Metamask and get some testEther

For this course on the blockchain, we will need to use MetaMask and get some test Ether.

Read
gweb3: a go module to interact with ethereum blockchain

Blockchain Ethereum

Have you ever wondered why most web3 tools are written in Go (geth, kubo, ...), yet it is actually difficult to find a Go module that lets you interact with the web3 ecosystem like web3.js or web3.py do? This blog post will introduce you to gweb3, a Go module that aims to facilitate interaction with an Ethereum blockchain from a Go program.

Read
How to analyse HTTPS traffic with mitmproxy transparent mode

Linux Reverse Engineering

Have you ever wanted to analyze the traffic of a specific application, but this traffic is encrypted using TLS? You start Wireshark and then stumble upon this very annoying display where you only see encrypted TLS traffic.

Read
How to use mattermost golang driver

golang

If you have already tried to develop a bot in Go for Mattermost, you have probably already found the documentation page for the API.

Read
Ethereum under the hood

Blockchain Ethereum

If you have already looked at blockchain technology, you might have noticed that two different names are often opposed:

Read