Interview of Ange Albertini ("Play with Crypto") Wednesday 2 July 2014 RMLL: May you introduce yourself to the RMLL attendees? Ange Albertini: I am a reverser for some years now and I share freely (as in freedom) my creations and my findings on my site corkami.com. Among others things, it’s about file formats with a lot of hand made examples (code and binaries included), free posters (pics.corkami.com), ... RMLL: What is your background and how did you get in the field of computer security? AA: Like most geeks, I started hacking rather early, with a 10MHz PC in the 80s. We kept this PC for a very long time (we went at once from 10 to 100MHz!), so I found myself soon unable to use any recent software and I then turned to the binary exploration. For example, we cleaned it (infected by Ping-Pong) by modifying in hexadecimal directly my hard drive (which was 20 MB at the time!). And progressively, my interest and skills in reverse engineering led me to other aspects of computer security. RMLL: Why did you get interested in file formats, much deeper than most people? AA: Nowadays, there is a lot of interest about 0-days and network attacks, but it is important to remember that computing is mainly based on certain file formats that are everywhere, but rarely fully explored. And in general, this is the how virus writers and offensive hackers successfully evade detections and filters. To be less caught off-guard (as a professional malware analyst), I started to dig deeper in order to identify other potential problems, to stay a step ahead of malware authors and to avoid bad surprises. A virus writer confessed that he was short on ideas on the PE format, and Gamma (author of FinFisher) offered me a job. Mission accomplished somehow, even if Corkami contains much less things than I would like, due to time constraints. In addition, by freely sharing all my findings, it becomes a sort of ’minimum level’ for tools that want to be robust. It creates a hub of knowledge, as people contact me and suggest some areas to explore, for example, in a malware that cannot be shared, then by reproducing each interesting point separately in a file that I made from scratch, it benefits to everyone. RMLL: Your presentation discusses both forensics and cryptography. Are these areas your main points of interest? AA: Crypto is an area fairly new to me, but I find it interesting to show that we do not need to understand everything to be able to do fun things with it. Crypto is another brick in my playground :-) And, feeling myself quite dumb in crypto, I really explains things step by step, that’s what generally attracts my audience. The forensics aspect is only a consequence of my recent discoveries - it interests me, but I could not really explore it yet. RMLL: Are you a user of free software? What are your favorite free software? AA: I am especially adept of knowledge sharing: all my proofs of concept are published and Libre, and written with open source software, as well as all related documents (posters, graphics) to make it re-usable by everyone without constraint. So I try to use only free softwares: yasm, GIMP, Inkscape, ImageMagick, Blender, MPlayer, AdvanceMENU ... RMLL: How did you hear about RMLL? AA: Sorry, I did not hear a lot about RMLL before, especially not that there was a security track (but I’m rarely in France). RMLL: So we have to make a specific effort on our side ;-) What is the main goal of your presentation? AA: I hope that people will have a good time, and that they learn something without being too bored :-) RMLL: Why are you doing slides with this particular style? AA: I think there is nothing more stupid than saying "we’ve always done it this way". To rely on a rigid model is to believe that this model is perfect in all situations, while the monotony and boredom make learning more difficult. I want my audience to get something out of my presentation, so, if I have time, I question every slide or form of information presentation. A conference presentation is not a required course with an exam at the end: if it is boring, one could just put the content in a blog post and let the audience read at its own speed. RMLL: thank you very much for this interview Ange and "see you" on wednesday July 9th (from remote). Interview done live and from remote by Philippe Teuwen (questions and doing it) and Mathieu Blanc (questions), chairmen of Security track. Translation by Christophe Brocas, chairman with Phil & Mathieu of the Security track, and Ange Alebrtini.