diff --git a/report/bibliography/urls.tex b/report/bibliography/urls.tex new file mode 100644 index 0000000..6b66d4a --- /dev/null +++ b/report/bibliography/urls.tex @@ -0,0 +1,19 @@ +% CONTRACTS +\newcommand{\urlcontractfakeweth}{https://polygonscan.com/address/0x15391A813d255e76de9b6b6d60df75c73f91121a} +% CODE +\newcommand{\urlcodesmartbugs}{https://github.com/smartbugs/smartbugs} +\newcommand{\urlcodehoneybadger}{https://github.com/christoftorres/HoneyBadger} +% IMAGES +\newcommand{\urldiagrambytecode}{https://gists.rawgit.com/ajsantander/23c032ec7a722890feed94d93dff574a/raw/a453b28077e9669d5b51f2dc6d93b539a76834b8/BasicToken.svg} +% VIDEOS +\newcommand{\urlvideohackertraps}{https://www.youtube.com/watch?v=4bSQWoy5a_k} +\newcommand{\urlvideomasqueradingcode}{https://www.youtube.com/watch?v=l1wjRy2BYPg} +% CHANGELOGS +\newcommand{\urlchangelogsoliditybugs}{https://github.com/ethereum/solidity/blob/develop/docs/bugs.json} +% STANDARDS +\newcommand{\urlstandardeipproxy}{https://eips.ethereum.org/EIPS/eip-1967} +% ARTICLES +\newcommand{\urlarticleredpill}{https://zengo.com/zengo-uncovers-security-vulnerabilities-in-popular-web3-transaction-simulation-solutions-the-red-pill-attack/} +\newcommand{\urlarticledeconstructingcontract}{https://blog.openzeppelin.com/deconstructing-a-solidity-contract-part-i-introduction-832efd2d7737} +% PAPERS +\newcommand{\urlpaperartofthescam}{https://arxiv.org/pdf/1902.06976.pdf} diff --git a/report/context.tex b/report/context.tex index ff61687..1c9f581 100644 --- a/report/context.tex +++ b/report/context.tex @@ -2,10 +2,10 @@ % VARIABLES % ============================================================================= -\newcommand{\AUTHOR}{Apehex} +\newcommand{\AUTHOR}{Forta Community} \newcommand{\CLIENT}{Forta} \newcommand{\DATE}{11/08/2023} \newcommand{\VERSION}{0.2.1} \newcommand{\TITLE}{Evasion Techniques} -\newcommand{\SUBTITLE}{State Of The Art} +\newcommand{\SUBTITLE}{Report On The Continuous Monitoring} \newcommand{\SUBJECT}{Web3} diff --git a/report/main.tex b/report/main.tex index e12012f..0cefba6 100644 --- a/report/main.tex +++ b/report/main.tex @@ -9,7 +9,7 @@ \input{context} % Global settings % ======================================================================================= -\addbibresource{bibliography/references.bib} % bibliography file +\input{bibliography/urls} % ======================================================================================= @@ -42,12 +42,13 @@ \part{Overview} % \chapter{Introduction} \label{ch:introduction} \input{sections/preamble/introduction} \input{sections/preamble/methodology} -\input{sections/preamble/related} +% \input{sections/preamble/related} % ======================================================================================= -% PART 1: KNOWN +% PART 2: KNOWN % ======================================================================================= -\part{Known Techniques} +\input{sections/evasion/known/description} +\part{Known Evasion Techniques} %---------------------------------------------------------------------------------------- \chapter{Spoofing} \label{ch:known-spoofing} \input{sections/evasion/known/spoofing/description} @@ -76,29 +77,43 @@ \chapter{Redirection} \label{ch:known-redirection} \newpage\input{sections/evasion/known/redirection/selector-collisions} % ======================================================================================= -% PART 2: FORESEEN +% PART 3: FORESEEN % ======================================================================================= -\part{Foreseen Techniques} +% \addtocontents{toc}{\protect\newpage} +\input{sections/evasion/foreseen/description} +\part{Foreseen Evasion Techniques} %---------------------------------------------------------------------------------------- \chapter{Spoofing} \label{ch:foreseen-spoofing} \input{sections/evasion/foreseen/spoofing/description} -\input{sections/evasion/foreseen/spoofing/fake-users} +\input{sections/evasion/foreseen/spoofing/sybils} \chapter{Obfuscation} \label{ch:foreseen-obfuscation} \input{sections/evasion/foreseen/obfuscation/description} \input{sections/evasion/foreseen/obfuscation/packing} +\chapter{Poisoning} \label{ch:foreseen-poisoning} +\input{sections/evasion/foreseen/poisoning/description} +\input{sections/evasion/foreseen/poisoning/living-off-the-land} % ======================================================================================= -% PART 3: TOOLING +% PART 1: DETECTION % ======================================================================================= -\addtocontents{toc}{\protect\newpage} -\part{Detection Tools} -%---------------------------------------------------------------------------------------- -\chapter{Malware Detection In Web3} \label{ch:transposing-to-web3} \input{sections/detection/description} -\input{sections/detection/data} -\input{sections/detection/technologies} -\chapter{Designing The Forta Agent} \label{ch:forta-agent} -\section{Taking Advantage Of The Network} \label{sec:} +\part{Detection In Web3} +%---------------------------------------------------------------------------------------- +\chapter{Static Analysis} \label{ch:static-analysis} +\input{sections/detection/static/description} +\input{sections/detection/static/metadata} +\input{sections/detection/static/code} +\chapter{Dynamic Analysis} \label{ch:dynamic-analysis} +\input{sections/detection/dynamic/description} +\input{sections/detection/dynamic/metadata} +\input{sections/detection/dynamic/traces} +\chapter{Hybrid Analysis} \label{ch:hybrid-analysis} +\input{sections/detection/hybrid/description} +\input{sections/detection/hybrid/statistics} +\input{sections/detection/hybrid/graph} +\chapter{Taxonomy} \label{ch:taxonomy} +\input{sections/detection/taxonomy/description} +\input{sections/detection/taxonomy/diagram} % ======================================================================================= % PART 4: APPENDICES @@ -115,6 +130,6 @@ \part{Appendices} \chapter{Samples} \input{appendices/samples} %---------------------------------------------------------------------------------------- -\newpage\printbibliography[title = {Resources}] +% \newpage\printbibliography[title = {Resources}] \end{document} diff --git a/report/sections/detection/data.tex b/report/sections/detection/data.tex deleted file mode 100644 index 7319f3e..0000000 --- a/report/sections/detection/data.tex +++ /dev/null @@ -1,37 +0,0 @@ -\section{Data Sources} \label{sec:execution-time} - -The data available for analysis depends on the execution stage and scope. -There are three main contexts. - -\subsection{Static Analysis} - -Outside execution, the blockchain and the surrounding services act as a cold storage. - -\begin{description} -\item[contract metadata]{details like the contract's creator, the balance, the creation timestamp and associated Ether provide a context to the whole analysis} -\item[bytecode representation]{similarly to the traditional binaries, smart contracts are compiled into bytecode which can be parsed: headers} -\item[opcode sequences]{bytecode can be interpreted as a language, giving a level of abstraction to the analysis} -\item[function signatures]{more specifically, functions can be extracted and compared to the reference implementations of the standards for example} -\item[source code]{when available, this layer can hold deceptive measures for the human reader; hence, it is very informative + creation code (not in bytecode)} -\end{description} - -\subsection{Dynamic Analysis} - -When a transaction is committed to the blockchain, trace data is generated: - -\begin{description} -\item[transaction metadata]{the global variables \lstinline[language=Solidity]{block}, \lstinline[language=Solidity]{tx} and \lstinline[language=Solidity]{msg} hold valuable informations} -\item[state changes]{storage slots and balance may change} -\item[function calls]{this can be insightful in determining the contract's behavior} -\item[external calls]{identify if the contract interacts with other contracts or addresses} -\item[events]{the list of events is always available} -\end{description} - -\subsection{Network Analysis} - -Statistics and graph theory can be applied on the blockchain as a whole: - -\begin{description} -\item[transaction data]{the blockchain can be interpreted as a graph, with addresses as nodes and transactions as vertexes} -\item[historical behavior]{the activity of a single address over time can be broken-down with statistics} -\end{description} diff --git a/report/sections/detection/description.tex b/report/sections/detection/description.tex index e716701..f07e392 100644 --- a/report/sections/detection/description.tex +++ b/report/sections/detection/description.tex @@ -1,2 +1,2 @@ -In this section, we'll consider each the parts and processes of the detection tools. -This serves both the purpose of imagining how they can fail as well as designing the next tools. +\setpartintro{We'll transpose the traditional malware analysis to the smart contracts.\\ +This serves both the purpose of designing detection tools as anticipating their failure, e.g. the avenues for evasion.} diff --git a/report/sections/detection/dynamic/description.tex b/report/sections/detection/dynamic/description.tex new file mode 100644 index 0000000..14f3a8c --- /dev/null +++ b/report/sections/detection/dynamic/description.tex @@ -0,0 +1,2 @@ +When a transaction is committed to the blockchain, the targeted smart contract is executed. +This process generates trace data. diff --git a/report/sections/detection/dynamic/metadata.tex b/report/sections/detection/dynamic/metadata.tex new file mode 100644 index 0000000..0daf269 --- /dev/null +++ b/report/sections/detection/dynamic/metadata.tex @@ -0,0 +1,9 @@ +\section{Metadata} \label{sec:static-metadata} + +\subsection{Transaction Sender} + +the global variables \lstinline[language=Solidity]{block}, \lstinline[language=Solidity]{tx} and \lstinline[language=Solidity]{msg} hold valuable informations + +\subsection{Transaction Metadata} + +\subsection{Events (Topics)} diff --git a/report/sections/detection/dynamic/traces.tex b/report/sections/detection/dynamic/traces.tex new file mode 100644 index 0000000..1209ab9 --- /dev/null +++ b/report/sections/detection/dynamic/traces.tex @@ -0,0 +1,17 @@ +\section{Execution Traces} \label{sec:dynamic-traces} + +Execution traces can be obtained either by replaying locally a transaction or by querying a RPC node with tracing enabled. + +\subsection{State Changes} + +storage slots + +balance may change + +\subsection{External Function Calls} + +identify if the contract interacts with other contracts or addresses + +\subsection{Internal Function Calls} + +this can be insightful in determining the contract's behavior \ No newline at end of file diff --git a/report/sections/detection/hybrid/description.tex b/report/sections/detection/hybrid/description.tex new file mode 100644 index 0000000..371b6bf --- /dev/null +++ b/report/sections/detection/hybrid/description.tex @@ -0,0 +1,2 @@ +Zooming out from the perspective of a single smart contract, the blockchain can be considered as a whole. +This is a mix of the static data over all addresses and the dynamic data generated over time and addresses. diff --git a/report/sections/detection/hybrid/graph.tex b/report/sections/detection/hybrid/graph.tex new file mode 100644 index 0000000..82d26fd --- /dev/null +++ b/report/sections/detection/hybrid/graph.tex @@ -0,0 +1,4 @@ +\section{Graph Theory} \label{sec:hybrid-graph} + +The blockchain archive can be seen as a temporal graph. +While the exact structure can vary depending on the application, generally the nodes are the addresses and the vertices are transactions. diff --git a/report/sections/detection/hybrid/statistics.tex b/report/sections/detection/hybrid/statistics.tex new file mode 100644 index 0000000..a54ced8 --- /dev/null +++ b/report/sections/detection/hybrid/statistics.tex @@ -0,0 +1,3 @@ +\section{Statistics} \label{sec:hybrid-stats} + +the activity of a single address over time can be broken-down with statistics \ No newline at end of file diff --git a/report/sections/detection/static/code.tex b/report/sections/detection/static/code.tex new file mode 100644 index 0000000..5ba400d --- /dev/null +++ b/report/sections/detection/static/code.tex @@ -0,0 +1,17 @@ +\section{Code} \label{sec:static-code} + +\subsection{Bytecode} + +Similarly to the traditional binaries, smart contracts are compiled into bytecode which can be parsed: headers + +\subsection{Opcode Sequence} + +Bytecode can be interpreted as a language, giving a level of abstraction to the analysis. + +\subsection{Function Signatures} + +More specifically, functions can be extracted and compared to the reference implementations of the standards for example + +\subsection{Source code} + +When available, this layer can hold deceptive measures for the human reader; hence, it is very informative + creation code (not in bytecode) diff --git a/report/sections/detection/static/description.tex b/report/sections/detection/static/description.tex new file mode 100644 index 0000000..17f03c2 --- /dev/null +++ b/report/sections/detection/static/description.tex @@ -0,0 +1,5 @@ +The data available for analysis depends on the execution stage. +For smart contracts, there are three main contexts. + +Outside of execution, the blockchain acts as a cold storage. +In this first context, the detection methods are called "static analysis". diff --git a/report/sections/detection/static/metadata.tex b/report/sections/detection/static/metadata.tex new file mode 100644 index 0000000..a714986 --- /dev/null +++ b/report/sections/detection/static/metadata.tex @@ -0,0 +1,7 @@ +\section{Metadata} \label{sec:static-metadata} + +\subsection{Contract's creator} + +\subsection{Transaction Metadata} + +Details like the contract's creator, the balance, the creation timestamp and associated Ether provide a context to the whole analysis \ No newline at end of file diff --git a/report/sections/detection/taxonomy/description.tex b/report/sections/detection/taxonomy/description.tex new file mode 100644 index 0000000..c515470 --- /dev/null +++ b/report/sections/detection/taxonomy/description.tex @@ -0,0 +1,2 @@ +Having looked over all the sources of data available, many techniques for detection and evasion emerged. +By analogy with the malware space, these techniques can be sorted as follows. diff --git a/report/sections/detection/taxonomy/diagram.tex b/report/sections/detection/taxonomy/diagram.tex new file mode 100644 index 0000000..e69de29 diff --git a/report/sections/evasion/foreseen/description.tex b/report/sections/evasion/foreseen/description.tex new file mode 100644 index 0000000..3cf10ca --- /dev/null +++ b/report/sections/evasion/foreseen/description.tex @@ -0,0 +1 @@ +\setpartintro{} \ No newline at end of file diff --git a/report/sections/evasion/foreseen/obfuscation/packing.tex b/report/sections/evasion/foreseen/obfuscation/packing.tex index ddd4797..cbc1fde 100644 --- a/report/sections/evasion/foreseen/obfuscation/packing.tex +++ b/report/sections/evasion/foreseen/obfuscation/packing.tex @@ -1,12 +1,14 @@ \section{Payload Packing} -\subsection{Evades} +\subsection{Overview} -Pattern matching on the bytecode. +Encryption / encoding / compression can be leveraged to make malicious code unreadable. -\subsection{How} +\subsection{Evasion Targets} -Encryption / encoding / compression can be leveraged to make malicious code unreadable. +Pattern matching on the bytecode. + +\subsection{Samples} \subsection{Detection \& Countermeasures} diff --git a/report/sections/evasion/foreseen/poisoning/description.tex b/report/sections/evasion/foreseen/poisoning/description.tex new file mode 100644 index 0000000..71b0b25 --- /dev/null +++ b/report/sections/evasion/foreseen/poisoning/description.tex @@ -0,0 +1 @@ +Poisoning techniques hijack legitimate contracts to take advantage of their authority and appear trustworthy. diff --git a/report/sections/evasion/foreseen/poisoning/living-off-the-land.tex b/report/sections/evasion/foreseen/poisoning/living-off-the-land.tex new file mode 100644 index 0000000..d325461 --- /dev/null +++ b/report/sections/evasion/foreseen/poisoning/living-off-the-land.tex @@ -0,0 +1,19 @@ +\section{Living Off The Land} + +\subsection{Overview} + +Living off the land means surviving on what you can forage, hunt, or grow in nature. +For malware, it means using + +- callbacks (flashloans) +- special contract + +\subsection{Evasion Targets} + +Pattern matching on the bytecode. + +\subsection{Samples} + +\subsubsection{Executing Raw Bytecode} + +\subsection{Detection \& Countermeasures} diff --git a/report/sections/evasion/foreseen/spoofing/fake-users.tex b/report/sections/evasion/foreseen/spoofing/fake-users.tex deleted file mode 100644 index 7ddae77..0000000 --- a/report/sections/evasion/foreseen/spoofing/fake-users.tex +++ /dev/null @@ -1,14 +0,0 @@ -\section{Fake Users} \label{sec:fake-users} - -\subsection{Overview} - -Much like social networks, the blockchain has a network of interconnected users. -Their activity in and out of the blockchain gives weight to a project. - -So scammers could creates bots and enroll people to build a legitimate history on their contracts. - -\subsection{Evasion Targets} - -\subsection{Samples} - -\subsection{Detection \& Countermeasures} diff --git a/report/sections/evasion/foreseen/spoofing/sybils.tex b/report/sections/evasion/foreseen/spoofing/sybils.tex new file mode 100644 index 0000000..01790af --- /dev/null +++ b/report/sections/evasion/foreseen/spoofing/sybils.tex @@ -0,0 +1,16 @@ +\section{Sybils} \label{sec:sybils} + +\subsection{Overview} + +Much like social networks, the blockchain is made of interconnected users. +Their activity in and out of the blockchain gives weight to a project. + +So scammers could: +- creates bots and enroll people to build a legitimate history on their contracts. +- create a legitimitae service to hijack it later + +\subsection{Evasion Targets} + +\subsection{Samples} + +\subsection{Detection \& Countermeasures} diff --git a/report/sections/evasion/known/description.tex b/report/sections/evasion/known/description.tex new file mode 100644 index 0000000..3cf10ca --- /dev/null +++ b/report/sections/evasion/known/description.tex @@ -0,0 +1 @@ +\setpartintro{} \ No newline at end of file diff --git a/report/sections/evasion/known/spoofing/fake-standards-implementation.tex b/report/sections/evasion/known/spoofing/fake-standards-implementation.tex index 385e832..4401757 100644 --- a/report/sections/evasion/known/spoofing/fake-standards-implementation.tex +++ b/report/sections/evasion/known/spoofing/fake-standards-implementation.tex @@ -14,7 +14,7 @@ \subsection{Overview} \subsection{Evasion Targets} \begin{description} -\item[Etherscan]{the interpretation of proxy is fixed, it can easily be fooled} +\item[block explorers]{the interpretation of proxies is fixed, it can easily be fooled} \item[users]{few users actually check the code, having a valid front is enough} \end{description} diff --git a/report/sections/evasion/known/spoofing/overriding-standards-implementation.tex b/report/sections/evasion/known/spoofing/overriding-standards-implementation.tex index 3389c70..9edfa4b 100644 --- a/report/sections/evasion/known/spoofing/overriding-standards-implementation.tex +++ b/report/sections/evasion/known/spoofing/overriding-standards-implementation.tex @@ -20,9 +20,9 @@ \subsection{Evasion Targets} This technique is a refinment of the previous one: it will work on more targets. \begin{description} -\item[Etherscan]{blockchain explorers lack even more flexibility to detect these exploits} -\item[Users]{the source code is even closer to a legitimate contract} -\item[Reviewers]{the interpretation of the source code is subtle, and reviewing the bytecode is very time consuming} +\item[block explorers]{blockchain explorers lack even more flexibility to detect these exploits} +\item[users]{the source code is even closer to a legitimate contract} +\item[reviewers]{the interpretation of the source code is subtle, and reviewing the bytecode is very time consuming} \end{description} \subsection{Samples} diff --git a/report/sections/preamble/introduction.tex b/report/sections/preamble/introduction.tex index 03b74a8..109175c 100644 --- a/report/sections/preamble/introduction.tex +++ b/report/sections/preamble/introduction.tex @@ -4,7 +4,9 @@ \section{Introduction} \label{chap:introduction} In turn, they have become attractive tools for scammers and protocol attackers to steal digital assets. As there is growing scrutiny by both users and security tools, malicious actors are answering with deception. -This cat-and-mouse game between malware detection mechanisms and evasive tatics has been relentless in the binary and web spaces. +To achieve their end goals, they first have to appear legitimate and circumvent the security tools. +This involves specific tricks, which we refer to as "evasion" and are the focus of this document. +Exploit detection mechanisms and evasive tactics have played a relentless cat-and-mouse game in the binary and web spaces. Now, this history can be analyzed to improve the current detection tools and anticipate future threats in the web3 ecosystem. We will delve into the code of each evasion technique, highlight their distinctive features and propose countermeasures. diff --git a/report/sections/preamble/methodology.tex b/report/sections/preamble/methodology.tex index b45e5ee..a7b5086 100644 --- a/report/sections/preamble/methodology.tex +++ b/report/sections/preamble/methodology.tex @@ -1,6 +1,6 @@ \section{Methodology} \label{sec:methodology} -This state-of-the-art is grounded in both past and present research. +This report is grounded in both past and present research. A literature review on traditional malware evasion forms the basis for the study's taxonomy and framework. Studying these historical evasion techniques gives insights into potential trends for the blockchain ecosystem. @@ -10,4 +10,11 @@ \section{Methodology} \label{sec:methodology} The report's practical aspect is backed by an analysis of selected smart contract samples. These samples were chosen for two reasons: their association with recent hacks and their ability to slip past detection mechanisms, especially those of the \href{https://explorer.forta.network/}{Forta network}. -Contracts from other platforms such as \href{https://www.chainabuse.com/reports}{chainabuse}, \href{https://www.web3rekt.com/}{web3rekt}, and \href{https://www.rekt.news/}{rekt.news} provided the necessary data for this analysis. +% Contracts from other platforms such as \href{https://www.chainabuse.com/reports}{chainabuse}, \href{https://www.web3rekt.com/}{web3rekt}, and \href{https://www.rekt.news/}{rekt.news} provided the necessary data for this analysis. + +Forta being a network of independent scanning agents, each of them is free to implement a different approach. +Since it is not bound by a systemic choice of detection, the countermeasures are centered on each evasion technique. +Static, dynamic, hybrid, graph analysis are all mentioned when it is relevant to a given target. + +The analysis is meant as a reference guide for the development of future bots on the Forta network. +It will be a continuous feeedback loop: the report will be updated regularly as progress is made. diff --git a/report/template/book/background.tex b/report/template/book/background.tex index 44356dc..d81fc94 100644 --- a/report/template/book/background.tex +++ b/report/template/book/background.tex @@ -13,7 +13,7 @@ \fill[orange] (0,\paperheight) rectangle (8mm,-\paperheight); % bar width 6mm \fi \ifbackgroundtitlevisible - \node[rotate=90, white, font=\huge\bfseries\sffamily, anchor=south] at (8mm, 0mm) {\currentparttitle}; + \node[rotate=90, white, font=\huge\bfseries\sffamily, anchor=west] at (4mm, 0mm) {\currentparttitle}; \fi } } diff --git a/report/template/book/cover.tex b/report/template/book/cover.tex index 0684738..787db83 100644 --- a/report/template/book/cover.tex +++ b/report/template/book/cover.tex @@ -57,7 +57,7 @@ %%%%%%%%%%%%%%%%%%%% Author Name %%%%%%%%%%%%%%%%%%%% \begin{pgfonlayer}{fg} - \drawtext{\Large\textsc{#3}\\\Large\textsc{#4}}{$(current page.east)+(-0.5,-5)$}{2cm}{0}{text=white,anchor=east,align=right}; + \drawtext{\Large\textsc{#3}\\\Large\textsc{#4}}{$(current page.east)+(-0.5,-5.2)$}{2cm}{0}{text=white,anchor=east,align=right}; \end{pgfonlayer} %%%%%%%%%%%%%%%%%%%% Year %%%%%%%%%%%%%%%%%%%% diff --git a/report/template/book/global.tex b/report/template/book/global.tex index 1d2f912..cb077f6 100644 --- a/report/template/book/global.tex +++ b/report/template/book/global.tex @@ -1,2 +1,4 @@ \newcommand{\currentparttitle}{} +\newcommand{\currentpartintro}{} \newcommand{\setparttitle}[1]{\renewcommand{\currentparttitle}{#1}} +\newcommand{\setpartintro}[1]{\renewcommand{\currentpartintro}{#1}} \ No newline at end of file diff --git a/report/template/book/main.tex b/report/template/book/main.tex index 763663b..789d0b3 100644 --- a/report/template/book/main.tex +++ b/report/template/book/main.tex @@ -17,37 +17,26 @@ \PassOptionsToPackage{table}{xcolor} %---------------------------------------------------------------------------------------- -% VARIOUS REQUIRED PACKAGES AND CONFIGURATIONS +% COLORS %---------------------------------------------------------------------------------------- -\usepackage[top=2cm,bottom=2cm,left=4cm,right=2cm,headsep=10pt,a4paper]{geometry} % Page margins - -\usepackage{graphicx} % Required for including pictures -\graphicspath{{images/}} % Specifies the directory where pictures are stored - -\usepackage{tikz} % Required for drawing custom shapes -\usetikzlibrary{fit, shapes, arrows, positioning, calc, tikzmark, shapes.geometric} - -\usepackage[english]{babel} % French language/hyphenation - -\usepackage{enumitem} % Customize lists - -\usepackage{booktabs} % Required for nicer horizontal rules in tables - \usepackage[table]{xcolor} % Required for specifying colors by name -\usepackage{pdflscape} % Allows to rotate pages in landscape +\usepackage{pagecolor} % dark theme %---------------------------------------------------------------------------------------- -% DARK THEME +% LAYOUT %---------------------------------------------------------------------------------------- -\usepackage{pagecolor} +\usepackage[top=2cm,bottom=2cm,left=4cm,right=2cm,headsep=10pt,a4paper]{geometry} % Page margins + +\usepackage{pdflscape} % Allows to rotate pages in landscape %---------------------------------------------------------------------------------------- % FONTS %---------------------------------------------------------------------------------------- +\usepackage[english]{babel} % French language/hyphenation \usepackage{inconsolata} \usepackage{mathptmx} % Use the Adobe Times Roman as the default text font together with math symbols from the Sym­bol, Chancery and Com­puter Modern fonts @@ -99,6 +88,28 @@ \usepackage{bookmark} \usepackage[all]{hypcap} % moves the ref jumping points to the top of images (instead of the caption) +%---------------------------------------------------------------------------------------- +% IMAGES +%---------------------------------------------------------------------------------------- + +\usepackage{graphicx} % Required for including pictures +\graphicspath{{images/}} % Specifies the directory where pictures are stored + +\usepackage{tikz} % Required for drawing custom shapes +\usetikzlibrary{fit, shapes, arrows, positioning, calc, tikzmark, shapes.geometric} + +%---------------------------------------------------------------------------------------- +% LISTS +%---------------------------------------------------------------------------------------- + +\usepackage{enumitem} % Customize lists + +%---------------------------------------------------------------------------------------- +% TABLES +%---------------------------------------------------------------------------------------- + +\usepackage{booktabs} % Required for nicer horizontal rules in tables + %---------------------------------------------------------------------------------------- % CAPTIONS %---------------------------------------------------------------------------------------- diff --git a/report/template/book/titles.tex b/report/template/book/titles.tex index 18723bd..add3f72 100644 --- a/report/template/book/titles.tex +++ b/report/template/book/titles.tex @@ -8,7 +8,7 @@ \newcommand*{\numberinmargin}[3]{\makebox[0pt][r]{\textcolor{#3}{\fontsize{#2}{#2}\selectfont\sffamily\bfseries#1\autodot}\hskip\marginparsep}} %---------------------------------------------------------------------------------------- -% SPACING +% LAYOUT %---------------------------------------------------------------------------------------- \titlespacing*{\part}{-2.95cm}{8cm}{20pt} @@ -18,16 +18,42 @@ \titlespacing*{\paragraph}{0pt}{3.25ex plus 1ex minus .2ex}{1.5ex plus .2ex} %---------------------------------------------------------------------------------------- -% TITLES +% PART PAGE %---------------------------------------------------------------------------------------- \titleformat{\part}[display] - {\fontsize{48}{60}\selectfont\sffamily\color{white}} + {} {} {0pt} {\begin{tikzpicture}[overlay] - \node[anchor=base, text centered, text depth=1, text width=\paperwidth, inner sep=2cm, outer sep=0pt, minimum height=2cm, minimum width=\paperwidth, fill=black] {\parbox{\paperwidth}{}}; - \end{tikzpicture}\MakeUppercase} + % horizontal black strip behind title + \node[anchor=base, text centered, text depth=1, text width=\paperwidth, inner sep=0mm, outer sep=0pt, minimum height=48mm, minimum width=\paperwidth, fill=black] {\parbox{\paperwidth}{}}; + % introduction block below title + \node[anchor=north west, text depth=1, inner sep=0pt, outer sep=0pt, minimum width=\paperwidth, xshift=0cm, yshift=0cm] at (current page.west) {\currentpartintro}; + \end{tikzpicture} + \fontsize{48}{60}\selectfont\sffamily\color{white}\MakeUppercase} + +%---------------------------------------------------------------------------------------- +% SHOW / HIDE PART TITLE IN THE LEFT BAR +%---------------------------------------------------------------------------------------- + +\newif\ifbackgroundtitlevisible +\backgroundtitlevisibletrue + +\newif\ifbackgroundbarvisible +\backgroundbarvisibletrue + +\let\originalpart\part + +\renewcommand{\part}[1]{% to reference in the background => display vertically +\setparttitle{\uppercase{#1}} +\backgroundtitlevisiblefalse +\originalpart{#1} +\backgroundtitlevisibletrue} + +%---------------------------------------------------------------------------------------- +% TITLES +%---------------------------------------------------------------------------------------- \titleformat{\chapter}[hang] {\normalfont\huge\sffamily\bfseries\color{orange}} @@ -53,6 +79,10 @@ {0pt} {} +%---------------------------------------------------------------------------------------- +% SPECIAL TITLE +%---------------------------------------------------------------------------------------- + \renewcommand{\paragraph}[1]{% \par\vspace{3.25ex plus 1ex minus .2ex}% \noindent\hspace*{-4cm}\colorbox{orange}{% @@ -61,24 +91,6 @@ \par\nobreak\vspace{1.5ex plus .2ex}% } -%---------------------------------------------------------------------------------------- -% SHOW / HIDE PART TITLE -%---------------------------------------------------------------------------------------- - -\newif\ifbackgroundtitlevisible -\backgroundtitlevisibletrue - -\newif\ifbackgroundbarvisible -\backgroundbarvisibletrue - -\let\originalpart\part - -\renewcommand{\part}[1]{% to reference in the background => display vertically -\setparttitle{\uppercase{#1}} -\backgroundtitlevisiblefalse -\originalpart{#1} -\backgroundtitlevisibletrue} - %------------------------------------------- \makeatother diff --git a/report/template/book/toc.tex b/report/template/book/toc.tex index 567ba6a..52e4e12 100644 --- a/report/template/book/toc.tex +++ b/report/template/book/toc.tex @@ -44,11 +44,10 @@ \ifnum \c@tocdepth >\m@ne \addpenalty{-\@highpenalty}% \vskip 0pt - \noindent\hspace*{4cm}\color{orange}\rule{\dimexpr\textwidth-4cm}{2pt}\par \begingroup \parindent \z@ \rightskip \@pnumwidth - \leavevmode\colorbox{black}{\vtop{\hsize=\dimexpr\textwidth\relax - \hspace*{4cm}\strut\color{orange}\bfseries\sffamily\uppercase{#1} + \leavevmode\colorbox{darkgray}{\vtop{\hsize=\dimexpr\textwidth\relax + \hspace*{4cm}\strut\color{white}\bfseries\sffamily\uppercase{#1} \nobreak\hfill\nobreak\hb@xt@\@pnumwidth{\hss #2}\strut}}\par \penalty\@highpenalty \endgroup diff --git a/report/web3-evasion-techniques.pdf b/report/web3-evasion-techniques.pdf index d74add6..40194ea 100644 Binary files a/report/web3-evasion-techniques.pdf and b/report/web3-evasion-techniques.pdf differ