Analysis and Diversion of Duqu's Driver

The propagation techniques and the payload of Duqu have been closely studied over the past year and it has been said that Duqu shared functionalities with Stuxnet. We focused on the driver used by Duqu during the infection, our contribution consists in reverse-engineering the driver: we rebuilt its source code and analyzed the mechanisms it uses to execute the payload while avoiding detection. Then we diverted the driver into a defensive version capable of detecting injections in Windows binaries, thus preventing further attacks. We specifically show how Duqu's modified driver would have detected Duqu.Comment: Malware 2013 - 8th International Conference on Malicious and Unwanted Software (2013

Duqu contre Duqu : Analyse et détournement du driver de Duqu

National audienceProche de Stuxnet avec lequel il partage des fonctionnalités, Duqu a fait l'objet de nombreuses analyses au cours de l'année passée. Nous nous proposons d'en étudier un élément en particulier, le driver. Notre contribution consiste en la rétroingénierie de ce composant par la reconstitution de son code source et une analyse de ses fonctionnalités. Nous avons ensuite détourné le driver pour détecter d'éventuelles injections dans les exécutables Windows et prévenir d'autres attaques. En particulier nous montrons comment le driver de Duqu modifié aurait permis de détecter Duqu

Code synchronization by morphological analysis

International audienceReverse-engineering malware code is a difficult task, usually full of the traps put by the malware writers. Since the quality of defense softwares depends largely on the analysis of the malware, it becomes crucial to help the software investigators with automatic tools. We describe and present a tool which synchronizes two related binary programs. Our tool finds some common machine instructions between two programs and may display the correspondence instruction by instruction in IDA. Experiments were performed on many malware such as stuxnet, duqu, sality or waledac. We have rediscovered some of the links between duqu and stuxnet, and we point out OpenSSL's use within waledac.La rétroconception de programmes malveillants est une tâche difficile, parsemée des embûches préparées par les développeurs du malware. La qualité des logiciels de défense dépendant grandement de l'analyse faite du malware, il est nécessaire de fournir aux analystes des outils automatiques. Nous décrivons ici un outil qui synchronise deux programmes binaires ayant des similarités. Notre outil trouve des instructions assembleur communes et affiche les correspondances dans IDA. Des expériences ont été réalisées sur plusieurs malware tels Stuxnet, Duqu, Sality ou Waledac. Nous avons retrouvé certains liens entre Duqu et Stuxnet ainsi que l'utilisation que Waledac fait d'OpenSSL

LockerGoga quickly reversed

International audienceOur objective is to illustrate the uses of the software GORILLE that we developped at the High Security Lab 1 and more recently at CYBER-DETECT. The recent attacks of LockerGoga against Altran in France and Norsk Hydro in Norway illustrate the necessity to have advanced antimalware defences. GORILLE's basis are morphological analysis. As such, the main features of GORILLE are the following. It is robust with respect to heavy code obfuscations. It applies on dynamic data that can be forged within a virtual environment. Its detection engine is based on behaviour recognition. This contribution is an extended version of our Blog's post 2

Botany, Genetics and Ethnobotany: A Crossed Investigation on the Elusive Tapir's Diet in French Guiana

While the populations of large herbivores are being depleted in many tropical rainforests, the importance of their trophic role in the ecological functioning and biodiversity of these ecosystems is still not well evaluated. This is due to the outstanding plant diversity that they feed upon and the inherent difficulties involved in observing their elusive behaviour. Classically, the diet of elusive tropical herbivores is studied through the observation of browsing signs and macroscopic analysis of faeces or stomach contents. In this study, we illustrate that the original coupling of classic methods with genetic and ethnobotanical approaches yields information both about the diet diversity, the foraging modalities and the potential impact on vegetation of the largest terrestrial mammal of Amazonia, the lowland tapir. The study was conducted in the Guianan shield, where the ecology of tapirs has been less investigated. We identified 92 new species, 51 new genera and 13 new families of plants eaten by tapirs. We discuss the relative contribution of our different approaches, notably the contribution of genetic barcoding, used for the first time to investigate the diet of a large tropical mammal, and how local traditional ecological knowledge is accredited and valuable for research on the ecology of elusive animals

Genetic Dissection of the Function of Hindbrain Axonal Commissures

The Robo3 receptor controls midline crossing by axons. Deleting Robo3 in specific commissural neurons with a conditional knockout reveals their contribution to sensory and motor integration, and models human neurological conditions

Saisir l’économie par le(s) sens: Une approche critique et sorcière de la visualisation de données économiques par le design

La recherche interroge, par la création de projets de design et par une thèse écrite, le rôle et le pouvoir de la visualisation de données dans l’approche des problématiques économiques. Dans cette étude critique et théorique, je me demande d’abord en quoi les visualisations de données qui construisent des accès aux informations et aux questionnements économiques façonnent des représentations et des comportements singuliers. Je fais l’hypothèse que les « technologies intellectuelles » (Goody) qui rendent visibles ces données – les diagrammes, les réseaux, les cartes – ont construit depuis le début du XIXe siècle, une vision particulièrement étroite, désincarnée et dépolitisante de l’économie. Cependant, le design dispose de moyens favorisant, dans certaines conditions, la réappropriation des sujets économiques par les non-expert·e·s. Il s’agit alors de comprendre, en étudiant l’évolution de ses méthodes, la nature du régime contemporain de visualisation des phénomènes économiques, que je qualifie de néolibéral, et d’explorer ensuite les espaces d’intervention du design où des alternatives peuvent se déployer.Dans un second temps, au-delà de décrire, de comprendre ou de faire comprendre des phénomènes économiques, il m’a semblé que le rôle du design dans la visualisation de données était d’opérer des actes de « saisie » : saisir les données et les phénomènes, sur le plan cognitif, pour les comprendre ; mais aussi saisir les phénomènes économiques, dans leur sens, leur signification et leur raison d’être, le sens de l’économie et les objectifs qu’elle poursuit ; enfin, saisir par les sens, sur le plan sensoriel et sensible, en nous rappelant qu’au-delà de l’œil et de la vue, c’est le corps tout entier qui peut opérer la saisie. Ne parvenant pas à saisir l’économie, en me concentrant sur la performance cognitive ou communicationnelle des visualisations de données, l’hypothèse d’une « emprise sorcière » (Stengers et Pignarre), s’est alors imposée comme un terrain d’expérimentation fécond et comme une clé de lecture précieuse pour positionner, dans mon travail, l’imagination, les corps, les sens, les représentations mentales en tant qu’éléments essentiels pour penser l’économie. La magie qui habite nos rapports à l’économie m’oriente d’abord vers le pouvoir de rendre visible l’invisible, que détiennent les visualisations de données, et m’amène à questionner leur puissance liée à leur nature d’image. J’esquisse ensuite, avec la magie des liens (Bruno), une théorie de la visualisation comme pouvoir de relier et introduit la méthode des microcosmogrammes. Enfin, avec la sorcellerie, c’est la capacité à rendre tangible l’impalpable qui est examinée et confrontée au concept de désorcèlement (Favret-Saada), d’où j’extrais des principes méthodologiques et un questionnement sur la figure de la ou du designer-désorceleur.Through the creation of design projects and a written thesis, the research questions the role and power of data visualisation in the approach to economic issues. In this critical and theoretical study, I first wonder how data visualisations that construct access to economic information and issues, shape specific representations and behaviours. I hypothesise that the 'intellectual technologies' (Goody) that make these data visible – charts, diagrams, networks, maps – have built a particularly narrow, disembodied and depoliticising view of the economy since the early nineteenth century. However, under certain conditions, design has the means to encourage the reappropriation of economic subjects by non-experts. I try to understand, by studying the evolution of its methods, the nature of the contemporary regime of visualisation of economic phenomena, which I describe as neoliberal. I then explore the design spaces where alternatives can be deployed.Secondly, beyond describing, understanding or making economic phenomena understood, it seemed to me that the role of design in data visualisation was to allow to grasp: to grasp data and phenomena, on a cognitive level, in order to understand them; but also to grasp economic phenomena, in their meaning, their significance and their raison d'être, the meaning of the economy and the objectives it pursues; finally, to grasp through the senses, on a sensory and sensitive level, reminding us that beyond the eye and the sight, it is the whole body that can carry out the grasping. As I was unable to grasp the economy by focusing on the cognitive or communicative performance of data visualisations, the hypothesis of a 'sorcerer's capture' (Stengers and Pignarre), became a fertile field of experimentation and as a precious key to understanding. It has allowed to position, in my work, imagination, bodies, senses and mental representations as essential elements for thinking about the economy. Firstly, with the magic that inhabits our relationship to the economy, I focus on the power of data visualisations to make the invisible visible, and then I question their power linked to their nature as images. Then, with the magical bondings (Bruno), I sketch a theory of visualisation as a power to bind and introduce the method of microcosmograms. Finally, with witchcraft, it is the capacity to touch the impalpable that is examined and confronted with the concept of unbewitching (Favret-Saada), from which I extract methodological principles and a questioning of the figure of the designer-unbewitcher.Doctorat en Art et Sciences de l'Artinfo:eu-repo/semantics/nonPublishe

Modeling hydrolysis kinetics of dual phase α-Mg/LPSO alloys

This work proposes a new modeling of hydrolysis reaction in simulated seawater solution (35 g/L NaCl) with alloys containing α-Mg and Long Period Stacking Ordered (LPSO) phases. Alloys with different chemical compositions or thermal treatments were synthesized, leading to different (i) microstructures, (ii) α-Mg over LPSO phase fractions or (iii) LPSO type (18R or 14H). Classical nucleation and growth equation is used as an indicator of the reaction mechanisms but a new model is proposed to describe the complex kinetics curves (Vol (H2) = f(t)) obtained. This new model has several advantages: (i) it allows to discriminate the contribution of each phase, (ii) it could be applied to any alloy with phases reacting and (iii) it applies to the whole kinetics curves (i.e. from 0 to 100% yield). It is supported by the comparisons between the different alloys and SEM observations of their microstructure before and after exposure to the seawater solution