Hi there! I am Robin, a computer security researcher and a computer science enthusiast at large. I spend a lot of time coding, working on personal projects, writing PoCs, doing CTFs and trying to get my hands on hardware stuff (Arduino & Co.). Lately, I had the opportunity to do a PhD on my favorite subject, namely reverse engineering and malware analysis. Since then, I have joined Quarkslab, where I enjoy working on reverse engineering and low-level stuff.
I did my PhD at the Atomic Energy Commission (CEA) within the Safety and Security Laboratory. My subject was to take the formal methods used in the lab for software verification of critical systems (nuclear power plants, avionics) and apply them to malware deobfuscation. Among the existing techniques, like abstract interpretation or weakest-precondition calculus, I focused on Dynamic Symbolic Execution (DSE), which provides great properties for obfuscated code. I also worked on optimizing DSE for such code and developed different approaches (forward/backward) and combinations (static, dynamic, symbolic) to address different issues. The end goal of the research is to recover the best approximation of the binary program's CFG to enable more relevant malware signatures (in future work).
Black Hat EU
This talk presents new Dynamic Symbolic Execution algorithms geared to scale on obfuscated code. It also shows various combinations of analyses (static, dynamic and symbolic) that detect various obfuscations such as opaque predicates and call/stack tampering. All the analyses were implemented in Binsec/SE, Pinsec and IDASec, respectively the symbolic engine, the dynamic instrumentation tool and the IDA plugin. Using these tools, multiple demos will be given on various packers and, more specifically, on some malicious components used by the Sednit/APT28 group in its targeted attack campaigns.
Robin David, Sébastien Bardin, Jean-Yves Marion
Josselin Feist, Laurent Mounier, Sébastien Bardin, Marie-Laure Potet, Robin David
Robin David, Sébastien Bardin, Josselin Feist, Laurent Mounier, Marie-Laure Potet, Thanh Dinh Ta, Jean-Yves Marion
Robin David, Sébastien Bardin, Thanh Dinh Ta, Josselin Feist, Laurent Mounier, Marie-Laure Potet, Jean-Yves Marion
Sébastien Bardin, Mickaël Delahaye, Robin David, Nickolaï Kosmatov, Mike Papadakis, Yves Le Traon, Jean-Yves Marion
Complete list of publications and download links: here (academic and non-academic)
Polytechnique, Ecole Polytechnique
Polytech Paris-Sud, Université Paris Sud (Paris XI) (now Université Paris-Saclay)
Polytech-UPMC, Université Pierre et Marie Curie (Paris 6)
UPEC, Université Paris-Est Créteil Val-de-Marne
Detailed list of teachings here
Various (GitHub) projects
Other blog posts
- 2013-01-28 - Raspberry Pi First Config and Services Configuration
- 2012-06-16 - Wikipedia Frequency Analysis
- 2012-06-15 - Vigenere crypto chall with a basic Kasiski-Babbage implementation