A gentle introduction to binary analysis and Ghidra's SLEIGH

27 Apr, 2026 by Jack Royer

This post serves as a text version of our presentation (available here) at Biere et Secu on 21/04/2026.

Binary executables are everywhere: firmware, desktop and mobile apps. They are fast and compact, but also difficult to understand. At their core, binary executables are just a sequence of raw machine code: 0s and 1s interpreted in the CPU as instructions. For that reason, this format is not ideal for human readability. Yet, in certain situations, for example malware analysis, we need to understand what a binary executable is doing. This is where disassembly comes in:

Symless: an IDA assistant for structure reconstruction

13 Jan, 2026 by Baptiste Verstraeten

Symless is an IDA Pro plugin designed to assist with structure reconstruction and cross-reference placement. It comes in two flavors: an automatic pre-analysis that can reconstruct most of the structures used in a binary, and an interactive plugin that reconstructs a single structure from user selection.

We are now releasing a new architecture-agnostic version of Symless, and use this opportunity to describe its internal logic.

Don't judge an audiobook by its cover: taking over your Amazon account with a Kindle

16 Dec, 2025 by Valentino Ricotta

Although Kindle e-readers are a prime target in modding and jailbreaking communities, there is little public work about vulnerability research in remote code execution scenarios.

In this post, we give technical details about a chain of vulnerabilities we identified that can be triggered by downloading a malicious Audible audiobook, allowing an attacker to take full control of the device and its registered Amazon account.

Linux kernel Rust module for rootkit detection

12 Mar, 2025 by Antoine Doglioli

The introduction of Rust into the Linux kernel makes it possible to write kernel drivers in Rust, which we can use to build a kernel-level EDR. This post explores this possibility by designing various checks to detect kernel-level rootkits and implementing them using the kernel's Rust API. We then discuss the experience of developing in Rust within the Linux kernel.

Achieving Remote Code Execution in Steam: a journey into the Remote Play protocol

4 Dec, 2023 by Valentino Ricotta

Remote Play Together, developed by Valve, allows sharing local multi-player games with friends over the network through streaming. The associated protocol is elaborate enough to shelter a valuable attack surface that has scarcely been ventured into in the past.

This post covers the reverse engineering of the protocol and client/server implementations inside Steam, before presenting a dedicated fuzzer that unveiled a few critical vulnerabilities.

Rooting Xiaomi WiFi Routers

25 Sep, 2023 by Julien R. (SoEasY), Marin Duroyon

In this article, we discuss our research approach for investigating Xiaomi routers. We discovered multiple vulnerabilities allowing Remote Code Execution (RCE) on several models, through both LAN and WAN interfaces. This work led to the publication of four CVEs specifically targeting Xiaomi routers.