The handbag of Cryptax
Write-ups Publications Tags About
The handbag of Cryptax

Publication list

Conferences & Journals

Note
By default, if no author name is mentioned, I’m the sole author.

2025

  • To be announced :)

2024

  • R2AI, BlackAlps, Yverdon les Bains, November 2024, Lightning Talk
  • Android Flutter Malware, Virus Bulletin, Dublin, Ireland, October 2024,
  • Reversing Dart AOT snapshots, Phrack Magazine, Volume 0x10, Issue 0x47, Phile 0x0B of 0x11, August 2024.
  • The Accessibility Abyss: Navigating Android Malware Waters, Insomnihack, Lausanne, Switzerland, April 2024, ,
  • The Complexity of Reversing Flutter Applications, Nullcon, Berlin, Germany, March 2024, ,

2023

  • Unraveling the Challenges of Reverse Engineering Flutter Applications, BlackAlps, Yverdon-les-Bains, Switzerland, November 3, 2023.
  • The Mobile Malware Maze, BruCON Keynote, Mechelen, Belgium, September 2023.
  • Hacking for Ideas, THCon Keynote, Toulouse, April 2023. at 1:06:56.
  • Hacking a jump rope and/or a Coffee Machine:
    • Stay fit: hack a jump rope, Troopers, Heidelberg, Germany, June 2023.   
    • Hacking your Jump Rope or your Coffee Machine, Insomnihack, Lausanne, Switzerland, March 2023.  

2022

  • Hunting the Android/BianLian botnet, Virus Bulletin, Prague, September 2022.
  • Unpacking de malware Android:
    • Vous n’écrirez plus de script Frida, BlackAlps, Yverdon-les-Bains, Novembre 2022. fr
    • Unpacking 1, 2, 3!, Barbhack, Toulon, August 2022.   . fr

2021

  • Touche pas à mon dossier médical, SecSea, La Ciotat, France, October 15, 2021 fr
  • Reverse Android malware like a Jedi Master, Virus Bulletin Conference (online), October 7-8, 2021. ,  
  • Live reverse engineering of Android Malware:

2020

  • Building and maintaining a honeypot for medical devices, BotConf (online), December 2020.

  • Malware and Cybercrime in Medical IoT, CCCC, September 14, 2020.

  • A. Apvrille, T. Goodspeed: on glucose sensor:

    • Security analysis of a Connected Glucose Sensor for Diabetes, Technical report, June 2020
    • Pique curiosity, not diabetic fingers, Pass The Salt, July 2020 (virtual edition),
    • Capteur de glycémie connecté : les interdits, Barbhack, August 2020 fr,
    • Hacking de capteur de glycémie connecté, UYBHYS, November 2020 (online)  - starts at 54'45

  • T. Goodspeed, A. Apvrille, NFC exploitation with the RF430RFL152 and ‘TAL152, PoC || GTFO, volume, 20:03.

  • Medical malware on Android (all talks are on the same topic, but with different samples analyzed)

    • SecSea, June 2020 (virtual edition)
    • Nullcon Webinar, August 2020
    • NoHat, November 2020

  • Hacking a Smart Coffee Machine:

    • Talk was accepted at Insomni’hack 2020, but cancelled due to COVID
    • BSides Munich, August 2020 (online)

  • A. Apvrille, T. Goodspeed, A. Lakhani, Malware, Cybercrime and Vulnerabilities for Diabetic Patients. Talk was accepted at Troopers 2020, but cancelled due to COVID.

  • A. Lakhani, A. Apvrille, Bringing Down the Empire: The Internet of Medical Things, RSA, San Francisco, USA, February 2020,

2019

  • A. Apvrille, T. Goodspeed, The inner guts of a connected glucose sensor for diabetes, BlackAlps, Yverdon-les-Bains, Switzerland, November 2019.
  • Smartphone apps: let’s talk about privacy, Hack. Lu, Luxembourg, October 2019.
  • A. Apvrille, A. Lakhani, Medical IoT for diabetes and cybercrime, Virus Bulletin, London, UK, October 2019.
  • Abusing cryptocurrencies on Android smartphone:
    • Insomni’hack, Geneva, Switzerland, March 2019
    • Sthack, Bordeaux, June 2019

2018

  • Cryptocurrency mobile malware, BlackAlps, Yverdon-les-Bains, Switzerland, November 2018
  • Junior CTF, Lightning Talk at Hack.Lu, Luxembourg, October,
  • Does Malware Based on Spectre Exist?, Virus Bulletin, July 2018
  • Are there Spectre-based malware on your Android smartphone?, Pass The Salt, Lille, France, July 2018,
  • A. Apvrille, P. Paget, Ph0wn smart devices CTF: Behind the Scenes, Insomni’hack, Geneva, Switzerland, March 2018,
  • Is my toothbrush really smart?, Troopers, Heidelberg, Germany, March 2018,

2017

  • Android Reverse Engineering Tools: not the usual suspects, Virus Bulletin Conference, Madrid, Spain, October 2017
  • Ingénierie inverse d’une brosse à dents connectée, Symposium sur la sécurité des technologies de l’information et des communications (SSTIC), Rennes, 7-9 juin 2017 fr

2016

  • Infecting Internet of Things, DefCamp, Bucharest, Romania, November 2016
  • Mobile Applications: a Backdoor into Internet of Things?, Virus Bulletin Conference, Denver, USA, October 2016
  • Reversing Internet of Things from mobile applications:
    • Insomni’hack, Geneva, March 2016
    • Area 41, June 2016

2015

  • Geek usages for your Fitbit Flex tracker Hack.lu, Luxemburg, October 2015
  • Criminal Profiling: Android Malware, Nuit du Hack, Paris, June 20, 2015,
  • Fitness Tracker: Hack in Progress:
    • Hack in Paris, Paris, June 18-19, 2015,
    • Hacktivity, October 2015
  • L. Apvrille, A. Apvrille, Identifying Unknown Android Malware with Feature Extractions and Classification Techniques, IEEE TrustCom, Helsinki, Finland, 20-22 August 2015 see here
  • Pawn Storm: What’s Up on iOS devices?, Insomni’hack, Geneva, March 2015,
  • A. Apvrille, L .Apvrille, SherlockDroid: a Research Assistant to Spot Unknown Malware in Android Marketplaces, Journal in Computer Virology and Hacking Techniques, vol. 11, no. 39, pages 1-11, 2015. DOI

2014

  • A. Apvrille, L. Apvrille, SherlockDroid: an Inspector for Android Marketplaces, Hack.Lu, Luxembourg, October 21-24 2014,
  • A. Apvrille, A. Albertini, Hide Android Applications in Images, BlackHat Europe, Amsterdam, NL, October 2014, 16-17
  • Inside the iOS/AdThief malware, Virus Bulletin, August 2014, ,
  • A. Apvrille, R. Nigam, Obfuscation in Android malware and how to fight back,
    • 8th International CARO Workshop, May 15-16, Florida, USA.
    • Virus Bulletin, July 2014
  • Playing Hide and Seek with Dalvik Executables, Insomni’Hack, March 2014

2013

  • L. Apvrille, A. Apvrille, Pre-filtering Mobile Malware with Heuristic Techniques, GreHack, Grenoble, France, November 2013
  • Playing Hide and Seek with Dalvik Executables:
    • Hacktivity, Budapest, Hungary, October 2013
    • Hack.Lu, Luxembourg, October 2013,
  • K. de Pontevès, A. Apvrille, Analysis of Android In-App Advertisement Kits, Virus Bulletin Conference, pp. 133-138, Berlin, Germany, October 2013.

2012

  • Guns and Smoke to Defeat Mobile Malware, Hashdays, Lucerne, Switzerland, November 2-3 2012.
  • A. Apvrille, G. Lovet, An Attacker’s Day into Virology: Human vs Computer, BlackHat Europe, Amsterdam, The Netherlands, March 14-16 2012,
  • Android Reverse Engineering Tools, Insomni’Hack 2012, Geneva, Switzerland, March 2, 2012
  • A. Apvrille, T. Strazzere, Reducing the Window of Opportunity for Android Malware:
    • in Proceedings of the 21st EICAR Annual Conference, pp. 131-149, Lisbon, Portugal, May 7-8, 2012
    • in Journal in Computer Virology 2021, , DOI: 10.1007/s11416-012-0162-3
  • Symbian worm Yxes: towards mobile botnets?, Journal in Computer Virology, 2012, , DOI: 10.1007/s11416-012-0163-2

2011

  • Cryptography for Mobile Malware Obfuscation, RSA Europe, London, UK, October 2011.
  • An OpenBTS GSM Replication Jail for Mobile Malware, Virus Bulletin Conference, pp. 86-94, Barcelona, Spain, October 2011. . Copyright is held by Virus Bulletin Ltd but made available on this site for personal use free of charge by permission of Virus Bulletin.
  • Mobile Malware in Practice, Insomni’Hack, Geneva, Switzerland, March 4, 2011,
  • A. Apvrille, K. Yang, Defeating mTANs for profit:
    • ShmooCon 2011, Washington DC, USA, January 28-30 2011,
    • Virus Bulletin, pp. 6-10, March 2011 and part two
  • OpenBTS for dummies v0.5, April 2011,

2010

  • Symbian Worm Yxes: Towards Mobile Botnets?, in Proceedings of the 19th EICAR Annual Conference, pp. 31-54, Paris, France, May 8-11, 2010 (Best Paper Award)
  • A. Apvrille, J. Zhang, Four Malware and a Funeral, in Proceedings of 5th Conf. on Network Architectures and Information Systems Security SAR-SSI, Menton, France, May 18-21, 2010.
  • The Four Horsemen, CONFidence Krakow, Poland, May 24-26, 2010

2006

  • L. Apvrille, P. de Saqui-Sannes, R. Pacalet et A. Apvrille, Un environnement de conception de systèmes distribués basé sur UML, Annals of Telecommunications, Vol. 61, n 11/12, pp. 1347-1368, Nov. 2006 abstract

2005

  • L. Apvrille, P. de Saqui-Sannes, A. Apvrille, Une méthodologie de conception des systèmes distribués basée sur UML, Actes de la 5ème conférence sur les nouvelles technologies de la répartition NOTERE'05, p 217-214, Gatineau, QC, Canada, 29 août - 1er septembre 2005.
  • A. Apvrille, M. Pourzandi, Secure Software Development by Example, IEEE Security & Privacy, vol. 3, no. 4, July/August, 2005, pp. 10-17.
  • A. Apvrille, D. Gordon, DigSig novelties, Libre Software Meeting, Security Topic, July 4-9 2005

2004

  • A. Apvrille, M. Pourzandi, XML Distributed Security Policy for Clusters, Computers & Security Journal (COSE91), Elsevier, vol. 23, no. 8, pp 649-658, December 2004 - abstract
  • A. Apvrille, M. Pourzandi, Trusted Computing in Linux: status, Linux World magazine, Vol. 2, No. 12, December 2004
  • A. Apvrille, D. Gordon, S. Hallyn, M. Pourzandi, V. Roy, DigSig: Runtime Authentication of Binaries at the Kernel Level, in the Proceedings of the 18th Large Installation System Administration Conference LISA, pp. 59-66, Atlanta, November 14-19 2004
  • M. Pourzandi, A. Apvrille, Setting up Virtual Security Zones in a Linux Cluster, Linux Journal, Issue 126, October 2004 html
  • A. Apvrille, M. Pourzandi, D. Gordon, V. Roy, Stop Malicious Code Execution at Kernel-Level, Linux World magazine, Vol. 2, No. 1, January 2004.

2003

  • M. Pourzandi, A. Apvrille, E. Gingras, A. Medenou, D. Gordon, Distributed Access Control for Carrier Class Clusters, Parallel and Distributed Processing Techniques and Applications PDPTA'03 conference, Las Vegas, June 2003.

2002

  • A. Apvrille, J. Hughes, V. Girier,Streamed or Detached Triple Integrity for a Time Stamped Secure Storage System, First International IEEE Security in Storage Workshop (SISW'2002), Greenbelt, Maryland, USA, December 2002,
  • A. Apvrille, V. Girier, XML Security Time Stamping Protocol, Information Security Solutions Europe conference (ISSE'02), Paris, October 2002,
  • A. Apvrille, J. Hughes, A Time Stamped Virtual WORM System, SEcurité de la Communication ur Internet workshop (SECI'02), Tunis, Tunisia, September 2002,
  • Programmation sécurisée sous Java : retour d’expérience, OSSIR RESIST, September 2002,
  • L’horodatage sécurisé : état de l’art et applications, OSSIR RESIST, June 2002.

Diamond Editions fr

MISC Magazine

  • Android/FluHorse, le malware qui défie les désassembleurs, MISC no. 136, Novembre/Décembre 2024,
  • 20 ans de virus sur téléphone mobile, MISC no. 132, Mars/Avril 2024,
  • Utilisation malveillante de l’API d’accessibilité sur Android, MISC no. 122, Juillet 2022,
  • Rançon sur téléphone mobile : les entrailles d’Android/Koler, MISC, no. 107, January-February 2020
  • Analyse de la sécurité d’un capteur de glucose, MISC, no. 106, November-December 2019
  • Rétro-ingénierie d’applications Android avec Androguard, MISC, no. 92, July 2017,
  • Les objets connectés peuvent-ils être infectés?, MISC, Hors Série no. 15 : Sécurité des objects connectés.
  • Analyse de la sécurité d’un bracelet sportif, MISC no. 87, p. 76, Septembre-Octobre 2016
  • L. Apvrille, A. Apvrille, P. Bogossian, Retour d’expérience sur quelques épreuves de Hack.lu 2013, MISC, no. 73, p. 50-86, May-June 2014.
  • Détenu virus mobile : nous avons les moyens de vous faire parler ! MISC, Hors série, no. 5, p. 80, April - May 2012
  • Le virus Symbian RommWar à la loupe, MISC, no. 46, p. 42-49, November-December 2009.
  • La sécurité des Wikis, MISC, no. 44, p. 76-82, July-August 2009
  • Conception et architecture de la bibliothèque cryptographique d’OpenSSL, MISC, no. 32, p. 52-60, July-August 2007
  • Protéger les messages applicatifs avec XML Security ou PKCS, MISC no 25, May-June 2006.
  • Des erreurs dans mon code sécurisé, où ça ?!, MISC, no. 16-17, November 2004 - January 2005
  • L’ASN.1 par l’exemple dans les certificats X.509, MISC, no. 15, September - October 2004
  • A. Apvrille, M. Pourzandi, Protéger un réseau de machines distribuées contre un débordement de buffer… d’un seul coup, MISC, no. 7, May-June 2003

Hackable Magazine

  • Piloter sa cafetière connectée, Hackable no. 33, April-June 2020
  • Fabriquez votre T-shirt interactif avec un Lilypad Arduino Hackable, no. 21, p. 96, November-December 2017
  • A. Apvrille, L. Apvrille, Ventilation controlée par des framboises, Hackable, no. 11, p. 32, March-April 2016.
  • A. Apvrille, L. Apvrille, Contrôler sa chaudière à distance avec un Raspberry Pi, Hackable, no.8, p.60, September-October 2015