Monday

Monday/00-Opening.md

@@ -0,0 +1,9 @@
+# Opening
+
+- Thanks
+- Code of conduct
+- English!
+- Steaming! https://passthesalt.ubicast.com
+- rumps@passthesalt.com
+- social event: Tuesday evening 19pm
+- 

Monday/01-Debian_security_team.md

@@ -0,0 +1,44 @@
+# Debian security team
+
+  - Very small team! (5-10p)
+  - No LTS
+  - debian-security-announce@lists.debian.org
+
+## Workflow
+  - Single point of contact
+  - Day-to-day routine, distributed among humans
+  - Automated scripts: check CVEs, and process issues
+  - Process to release a DSA
+
+## Vulns
+  - Public vulns
+  - Private vulns (embargo)
+    - Many drawbacks, delay, leak pb, quick and ugly fix
+
+## Examples
+  - KRACK: vuln on WPA
+    - lot of synchronization required because protocol vuln
+    - Coordinated by CERT.org, not Debian itself
+    - During embargo: investigate the issue, then work with maintainers
+    - Example of well handled vuln
+  - Meltdown/Spectre
+    - Debian wasn't in the loop
+    - Lot of rumours, noise, before the release
+    - Took their time to make the fix, since there was lot of different patches
+    - Intel not responding to them
+  - pca: pacemaker
+    - Simple embargoed vuln
+
+## Conclusion
+  - Follow security tracker
+  - Not all vulns are equal
+
+## Questions
+  - No NDA, because no legal entity: that's why not in the loop. Sometime, trust
+    is enough
+  - CVEs come when Debian is the only one to know about the vuln first
+
+
+## Personal feeling
+Interesting talk, mostly informative.
+

Monday/02-r2frida.md

@@ -0,0 +1,23 @@
+# Radare2
+
+blinking slides
+
+## What is {radare2,frida}
+  - r2 is an hexa editor
+  - frida is a debugger: you can run code inside a process easily
+  - Both open-source RE tools supporting lot of OS and archi
+  - Merging the two tools bring both worlds together
+
+## r2frida
+  - `r2pm -i r2frida`
+  - `r2 frida://`
+  - scriptable in JS, Typescript
+  - demo time!
+    - Change assembly in memory while running
+    - Debug Gameboy game running inside emulator
+    - They triggered actions of a character in a Gameboy emulated game -> impressive
+
+## Personal feeling
+Good talk, mostly demo.
+Should be usable for automated recording.
+

Monday/03-static_instrumentation.md

@@ -0,0 +1,20 @@
+## Executable format
+  - Modify Loader and Kernel behaviour by modify the executable file
+
+## LIEF
+  - Library to modify the executables
+  - Change entry point, libs, sections
+  - Only work with Position Independent Code (fPIC)
+
+## Frida+LIEF
+  - Injecting code into Android application without root privileges
+
+## Conclusion
+  - https://lief.quarklabs.com
+  - Stil WIP, no stable API
+
+## Personal feeling
+They said it themselves, it's quite old stuff.
+Also, it looks like very young project.
+
+

Monday/04-retdec.md

@@ -0,0 +1,20 @@
+# Ret(argetable)Dec(ompiler) - Machine-code decompiler
+
+  - Analysis machine-code is boring
+  - Toolchain based on LLVM
+  - They lift machine-code to LLVM IR!
+  - Workflow:
+    - Capstone2LlvmIR
+    - Pattern matching of LLVM IR for optimization
+    - Their custom Backend IR, higher level, supports `switch`, `break`, `continue`, etc...
+    - Still more optimizations with this IR
+    - Code generation
+  - IDA plugin
+  - Future: more architectures, more integration (Binary Ninja, r2, REVEN?...)
+
+
+## Personal feeling
+Very monotone speakers.
+Basically a low-level explanations of their tool.
+
+

Monday/05-spectre_on_android_smartphone.md

@@ -0,0 +1,28 @@
+# Are there Spectre-based malware on your Android smartphone?
+
+## Spectre on ARM (focus on ARM A53)
+  - List of CPUs on developers.arm.com
+  - A53 is not on the list
+  - Seems A53 does speculative execution -> may be vulnerable
+  - Let's test:
+    - Find a PoC for AArch64: ended up not working
+    - Implement an ARMv7 PoC for the 32bits smartphone
+    - Struggle to find all the needed API and instructions
+    - The PoC does not work, even with tuning
+    - Same thing with ARM A8
+    - Conclusion: it's hard to tell whether the CPU is vulnerable or not,
+      but still no PoC
+
+## Are there Malwares in the wild
+  - A PoC is NOT a Malware
+  - Getting PoCs from there AV DB: no Malware, only PoCs
+  - Active detection of Spectre-based attacks
+
+## Conclusion
+  - She found no Spectre-based Malware for ARM anywhere
+  - She found out that cache-timing attack are really not that common
+  - We'll have to look out in the future, but for now, the wild still seems free of Spectre on ARM
+
+## Personal feeling
+Very interesting vulgarization!
+

Monday/06-cutter.md

@@ -0,0 +1,11 @@
+# Cutter
+
+  - Coming from Iaito
+  - Not intended for r2 users, more for newcomers
+  - Big refactoring of old code
+  - Demo on IOLI:crackme0x00
+  - Looks a lot like Axion, but less broken (Qt, etc...)
+  - It seems really usable
+
+## Personal feeling
+Mostly demo, but interesting.