On crypto conferences

View of the UCSB campus in Santa Barbara, CA, where CRYPTO has been held since 1981.

Created in 1981, CRYPTO has historically been the most important and most relevant crypto conference. But CRYPTO has also always been aimed at cryptographers whose job is to publish research papers, rather than cryptographers whose job is to actually secure …

When Constant-Time Source Code May Not Save You

On November 14 at CANS 2016 in Milan I presented a timing attack against an implementation of Curve25519 (also called X25519). This elliptic curve was designed by DJ Bernstein in order to provide a secure curve without probable NSA back doors and with safe computations. Additionally it was designed to be protected against state-of-the-art timing attacks. The targeted implementation called …

Spark Summit Europe 2016

I attended Spark Summit Europe 2016 in Brussels this year in October, a conference where Apache Spark enthusiasts meet up. I've been using Spark for nearly a year now on multiple projects and was delighted to see so many Spark users at Square Brussels. There were three trainings to choose from on the first day. I …

DEFCON qualifiers write-up: Baby-re

In this simple challenge, we're given the binary of a remote service:

```
$ file baby-re
baby-re: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, not stripped
```

This asks for 13 inputs, and then returns `Wrong`, unless we give it the right input.

```
$ ./baby-re
Var[0]: 1
Var[1]: …
```

TROOPERS 2016

I recently attended the TROOPERS conference, held in Heidelberg, Germany. A lot of interesting research was presented; in this blog post I’m going to summarize selected talks that I particularly enjoyed. The first presentation was by Philippe Teuwen, where he demonstrated his latest attack on white-box cryptography. The idea is to apply existing hardware attacks such as side-channel …

Defcon 2015 CTF finals

Following the Blackhat conference, I participated in the Defcon CTF finals as part of the 0daysober team, which qualified in 10th position last June. This event has been organized by Legit BS for the last 2 years.

Principle

In order to participate in the finals you have to either win a qualifying event (PlaidCTF, Boston Key Party, GitS, …

Black Hat USA 2015

Last week I attended Blackhat USA as part of a trip to Las Vegas to participate in DEFCON CTF finals with the 0daysober team. Here is a summary of the talks I was able to attend. "Why security data science matter and how it's different: pitfalls and promises of data science based breach detection and threat …