This page summarizes some of the projects my students and I are currently working on or had been working on. All of our work is free software, so patches and comments are appreciated.

Demovfuscator

Current version: 0.3 | Last update: 2016-06-17

The demovfuscator is a generic deobfuscator for binaries that were compiled using Christopher Domas' famous M/o/Vfuscator. The current release is able to reconstruct the control-flow graph (CFG) of the original program and partially replaces the mov instructions with their equivalent high-level ASM opcodes. Note that the demovfuscator is work-in-progress software, i.e. patches and comments are very welcome!


TCP Stealth

Current version: 1.0 | Last update: 2014-12-13 | Newest supported kernel: 3.18

TCP_Stealth is an RFC draft and an extension for the Linux kernel providing a modern version of port knocking for TCP sockets. Unlike other approaches, TCP_Stealth is safe against active MitM attacks, is able to ensure the integrity of the first TCP segment sent after the handshake, and requires only minimal changes to existing applications (setsockopt).