2025

• Cracking my own crackme with r2ai, January 6, 2025.

2024

• Arguments descriptor arrays in Dart, September 19, 2024
• Using AI-assisted decompilation of Radare2, September 17, 2024
• Dart shifts to standard calling convention, July 19, 2024
• Untangling Android/TangleBot, July 12, 2024
• On the security of Google Secrets, July 11, 2024
• Inside Sinchat Flutter riskware, May 25, 2024
• Testing Restricted Settings of Android 13 on an emulator, April 4, 2024
• Phishing attempt on French e-tolls, March 21, 2024
• What makes a good CTF challenge?, March 18, 2024
• Android/SpyNote bypasses Restricted Settings and breaks many RE Tools, February 19, 2024
• Android/SpyNote moves to Crypto Currencies, February 15, 2024
• A simple infostealer for beginners, February 9, 2024
• Android/Phoenix authors, claims, sample identification and trends, February 8, 2024
• Reverse engineering of Android/Phoenix, February 6, 2024

2023

• Organizing malware analysis with Colander: example on Android/WyrmSpy, December 18, 2023
• Bad ZIP and new package for Android/BianLian, December 14, 2023
• Eyes on Android/S.O.V.A botnet sample, July 7, 2023
• Inside the KangaPacker: the Kangaroo packer with native decryption, June 23, 2023
• Fortinet Reverses Flutter-base Android Malware Fluhorse, June 21, 2023
• Reversing Flutter apps: Darts’ Small Integers, June 20, 2023
• Dart’s custom calling convention, June 15, 2023
• What’s a CTF? Is it interesting? Will I enjoy it? Do I have the skills for a CTF?, June 8, 2023

2022

• Virus Bulletin Conference 2022 Day 1, Day2, Day 3, October 2022
• English accent for Frogs, July 5, 2022
• Androscope, June 28, 2022
• Unpacking a JsonPacker-packed sample, June 27, 2022
• Tracking Android/Joker payloads with Medusa, static analysis (and patience), June 20, 2022
• Quick look into a new sample of Android/BianLian, June 9, 2022
• Reversing an Android sample which uses Flutter, May 12, 2022
• Warning: GRIM and Magnus Android Botnets are Underground, April 28, 2022
• Android/BianLian Botnet Trying to Bypass Photo TAN use for Mobile Banking, April 13, 2022
• Live reverse engineering of a trojanized medical app - Android/Joker, March 8, 2022
• BianLian C2 domain name, January 25, 2022
• Creating a safe dummy C2 to test Android bots, January 21, 2022
• Android/BianLian payload, January 17, 2022
• Multidex trick to unpack Android/BianLian, January 14, 2022

2021

• Investigating Android malware with Pithus, July 13, 2021
• A basic test locker for Android, July 6, 2021
• A blind try of MobSF over a suspicious Android sample, May 26, 2021
• A native packer for Android/Moqhao, May 19, 2021
• Android/Oji worm fake COVID 19 vaccine registration campaign, May 3, 2021
• Android/Flubot: preparing for a new campaign?, March 29, 2021
• Quark on an Android malware: how good was it? My opinion!, February 9, 2021
• An apparently benign app distribution scheme which has all it takes to turn (very) ugly, February 2, 2021

2020

• Decrypting strings with a JEB script, December 17, 2020
• Unpacking an Android malware with Dexcalibur and JEB, December 16, 2020
• Customizing your Cowrie honeypot, November 3, 2020
• Into Android Meterpreter and how the malware launches it - part 2, Sept 25, 2020
• Locating the Trojan inside an infected COVID-19 contact tracing app, September 18, 2020
• CnC communication of a fake Aarogya Setup COVID-19 app, August 14, 2020
• Reversing V-Alert COVID-19 Android/BankBot: part 1, part 2, May 12, 2020
• Android malware targets diabetic patients, January 31, 2020

2019

• A Mobile Bitcoin Miner? Really?, February 25, 2019

2018

• Fortinet Discovers New Android Apps that Mine the Unminable
• An Android Package is no longer a ZIP, August 23, 2018
• Android/BondPath: a Mature Spyware, August 23, 2018
• Recent Security Research News, June 28, 2018
• You Will Fall For This One Day…, April 9, 2018
• Fortinet at Insomni’hack 2018, March 28, 2018
• Troopers Day 2, Day 1 March 14-16, 2018
• Into the Implementation of Spectre, January 17, 2018
• Security Research News in Brief - November 2017 Edition, January 14, 2018

2017

• Ph0wn: The 1st CTF of Smart Devices is Over! December 7, 2017
• Ph0wn: A CTF Dedicated to Smart Devices, November 27, 2017
• Security Research News in Brief - October 2017 Edition, November 9, 2017
• Security Research News in Brief - August 2017 Edition, October 19, 2017
• Blueborne: Technical Insight , September 19, 2017
• Security Research News in Brief - July 2017 Edition, September 7, 2017
• Analyzing Android malware using a FortiSandbox, August 17, 2017
• NSE Experts Academy CTF ,July 30, 2017
• SSTIC in a nutshell, July 4, 2017
• Security Research News In Brief - May 2017 editi , June 22, 2017
• Zero patch IoT envirment , May 17, 2017
• Security Research News In Brief - April 2017 edition , May 10, 2017
• Security Research News In Brief - March 2017 edition , Mar 24, 2017
• Teardown of a recent variant of Android/Ztorg part 1 and part 2, Mar 15, 2017
• You don’t need to break my heart , Feb 27, 2017

2016

• Reading your tracker’s battery level with a standard Bluetooth 4.0 USB dgle , Dec 9, 2016
• Disassembling Linux/Mirai.B!worm, Dec 8, 2016
• Hackath Sophia Antipolis 2016, Nov 29, 2016
• DefCamp 2016, Nov 18, 2016
• Where I nearly w a cnected coffee machine at DefCamp 2016, Nov 17, 2016
• IoT-based Linux/Mirai: Frequently Asked Questis, Oct 31, 2016
• Hack.Lu 2016 Wrap Up, Oct 25, 2016
• IoT malware are coming. Will you listen to me know?, Oct 24, 2016
• Pebble Smartwatch Talk at Virus Bulletin 2016, Oct 14, 2016
• Risks or not behing Pokém GO, August 11, 2016
• Pokémon GO Plus review through reverse engineering, August 11, 2016
• Android adware trying to deceive the analyst, May 20, 2016
• Your Gossip Is Public, April 22, 2016
• WhatsApp vs Telegram, April 15, 2016
• Insomni’hack 2016, March 25, 2016
• Bad Mirror: New Android Malware family spotted by SherlockDroid, March 7, 2016

2015

• Hacktivity 2015 October 14, 2015
• CryptoGirl StageFright: A Detailed Explanation August 25, 2015
• StageFright, Telegram Stage-Left & WhatsApp Stage-Right August 14, 2015
• Locker, an Android ransomware full of surprises August 11, 2015
• Want Everybody to Know You’re Flirting? This App is For You! July 25, 2015
• Insurance Fraud via Internet of ThingsJuly 9, 2015
• Nuit du Hack 2k15 June 25, 2015
• Hack in Paris 2015 June 24, 2015
• Android Security Report in Far Less Than 44 Pages April 17, 2015
• InsomniDroid Part 2: Write Up April 4, 2015
• Insomni’Hack iOS challenges March 26, 2015
• Insomni’hack CTF write up March 25, 2015
• Insomni’hack 2015 March 23, 2015
• Investigating PawnStorm for iPhone February 13, 2015
• Aggressive Riskware Installati Amaz Kindle (and Android) January 12, 2015

2014

• Inside Hack.Lu 2014 November 10, 2014
• Android Emmental, Adding Cheese in Emmental Holes October 30, 2014
• Inside BlackHat Europe 2014 October 29, 2014
• 0wning Emmental October 20, 2014
• Android Packers Talk at Hacktivity October 9, 2014
• My Day Unbricking a Friend’s Phe September 17, 2014
• Want everybody to know you’re flirting? this app is for you! July 25, 2014
• Clean for the phe, but not clean in the code July 7, 2014
• iOS Malware Does Exist, June 9, 2014
• AngeCrypti at Insomni’Hack, March 31, 2014
• Mobile Advertisement Serving Fake Anti-Virus and App Over Billing Spanish newspaper, March 14, 2014
• New Drive By Download Android Malware, February 17, 2014
• Malware or Spam Campaign Internet of Things, January 27, 2014

2013

• Sophisticated DEX obfuscati or Proguard configuration issue?, December 16, 2013
• RATP Android Application Privacy: Status, December 2, 2013
• Alligator at GreHack, November 14, 2013
• Hack.lu Capture The Flag (CTF)- RoboAuth, October 29, 2013
• Hacktivity 2013: Keynotes, October 17, 2013
• VB 2013- Day 3, October 14, 2013
• VB 2013- Day 2, October 11, 2013
• VB 2013- Day 1, October 10, 2013
• iPhe 5S: Inside the Secure Enclave, September 16, 2013
• NSA’s (and GCHQ) Decryption Capabilities: Truth and Lies, September 6, 2013
• Alligator detects GPS leaking adware, August 2, 2013
• Mobile Malware Gets in the Top 10 Viruses, July 29, 2013
• Millis of SIM cards vulnerable to remote compromise, July 24, 2013
• Don’t Send Your SMS Scam to an AntiVirus Analyst
  (http://blog.fortinet.com), July 17, 2013
• I am Datarmined to secure my Facebook posts, July 8, 2013
• An Anti-Virus Analyst’s Day (or Hour) into Firefox OS, June 20, 2013
• NSA Has Large Disks, June 10, 2013
• 11M for a simple cference program applicati, May 27, 2013
• 1,000 malicious Android samples per day, May 13, 2013
• Finding Similarities and Differences at DEX level, May 6, 2013

2012

• EuroGrabber is Zitmo , December 7, 2012
• Hashdays Android Challenge: the Solution, November 23, 2012
• Hashdays Arduino Badge November 9, 2012
• Hashdays 2012 wrap-up November 7, 2012
• Advanced Tools for Android Reverse Engineering November 5, 2012
• Hashdays Android Challenge: Win a FortiGate , October 29, 2012
• Hashdays challenge by Fortinet to begin Oct 29, 2012, October 23, 2012
• Android/Fakemart’s end: authors has been identified October 19th, 2012
• Android malware distributed by malicious SMS in France September 21st, 2012.
• Making mey out of Android/Fakemart September 3, 2012.
• Dalvik Executable (DEX) Embedded in another DEX! August 23, 2012.
• Android byte-code obfuscati challenge July 30th, 2012.
• Ctrolling Android/Zitmo by SMS commands July 21st, 2012
• StarCraft culture to understand Android June 19th, 2012
• Tracking Android/Fcy- June 6th, 2012.
• Back from EICAR 2012- May 25th, 2012. -(http://blog.fortiguard.com/droidkungfu-is-getting-smarter-hopefully-so-am-i/">DroidKungFu is getting smarter (hopefully, so am I)- May 11th, 2012.
• Mobile Botnets: We Had Told You So- April 20th, 2012.

2011

• Analyzing CarrierIQ’s defense, December 20th, 2011.
• Android/Fcy emanating and propagating in France, December 15, 2011.
• CarrierIQ Android- FAQ December 13, 2011.
• Levitator: Root your Android phe November 25th, 2011.
• OpenBTS for Mobile Malware Analysis, November 17th, 2011.
• Symbian malware uses a 91-byte XOR key, November 8th, 2011.
• Clarifying Android/DroidKungFu variants, October 26th, 2011.
• VB 2011 talks, part 3 and end, October 25th, 2011.
• VB 2011 talks, part 2, October 18th, 2011.
• VB 2011 talks, part 1, October 12th, 2011.
• QR code and mobile malware: it happened!, October 3rd, 2011.
• Spitmo gets Android: mini-FAQ, September 16th, 2011.
• Android/Zitmo: an Update, July 18, 2011.
• Zitmo hits Android, July 8, 2011.
• Android/CruseWin carries a malicious kill switch, July 4, 2011.
• Android/DroidKungFu: attacking from a mobile device?, June 16, 2011.
• Android/DroidKungFu uses AES encrypti, June 9, 2011.
• Android/Smspacem under the microscope, May 30, 2011.
• Airpush… pushes the envelope, May 17, 2011.
• iPhe Tracking, April 21, 2011.
• Mobile Malware Statistics, March 28, 2011.
• How Android/Fake10086 selectively blocks SMS- step by step, March 10, 2011.
• Android/DroidDream uses two vulnerabilities, March 3, 2011.
• Hacking Mobile Phe Statistics, March 1, 2011.
• What’s new in Zitmo.B?, February 23, 2011.
• ShmooC 2011 Debriefing, February 9, 2011.
• Mobile phishing related to Yxes, January 12, 2011.

2010

• Hidden feature in Android spyware, November 12, 2010.
• Symbian malware and Internet Access Points, November 4, 2010.
• Zitmo Follow Up: From Spyware to Malware, September 28, 2010.
• Zeus In The Mobile (Zitmo): Online Banking’s Two Factor Authenticati Defeated- , September 27, 2010
• You can’t judge a book by its cover, September 7, 2010.
• iPhe 4 / iPad: the Keys Out of Pris, August 5, 2010.
• Mobile Malware Sends WAP Push SMS, August 3, 2010.
• Symbian Signed Mobile Malware: One Gang?, July 29, 2010.
• SymbOS/Album One Step Closer To Mobile Botnets, July 15, 2010.
• SymbOS/Album Follows the Path of SymbOS/Yxes, July 8, 2010.
• How to send an SMS- the geeky way, June 7, 2010.
• EICAR 2010: Presentati Round-Up, June 4, 2010.
• Airport flight schedule crash (unharmful), May 25, 2010.
• WinCE/Terdial or impunity for dialers, May 17, 2010.
• No, the iPad is NOT hacked, May 3, 2010.
• Reversing the Symbian Enoriv malware, April 13th 2010.
• SymbOS/Yxes goes versi 2, March 4th 2010.
• 10 Predictis for Mobile Malware in 2010, January 28th 2010.
• Malicious Transfer of IM3 funds: the Return, January 26th 2010.

2009 and before

• Duh’s not malicious, dude!, December 10th 2009.
• Securing your jailbroken iPhone, December 2nd 2009.
• John Doe’s Credentials, November 16th 2009.
• Targeted Spam: an Unfair Blow to Security, November 5th 2009.
• When Your Phe Becomes Your Worst Enemy, October 27th 2009.
• Keep your phone healthy: H1N1 vs. SymbOS/Yxes, October 13th 2009.
• Transmitter.C is not Yxes.E, August 26th 2009.
• Symbian Certificates or How SymbOS/Yxes got Signed, August 4th 2009.
• SymbOS/Yxes or downloading customized content, July 21st 2009.
• Detecting spyware for iPhones, July 16th 2009.
• Friendly’ spam: A trick for managing unwanted emails from family, friends , June 25 2009.
• June 9th, 2009, Trash CRC32
• April 21, 2009, 2D Codes: Lowering the “bar” for mobile threats ?
• April 13, 2009, Attacking stamps for fun and profit ?
• March 9, 2009, Flocker virus writer’s name found via Google? Or privacy issue?
• February 23, 2009, A cryptographer’s eye antivirus analysis