Ressources

2021

Conférence | Zombies ate my printer’s ink , THCON 2021 - Rémi Jullian

Conférence | Manger mes dossiers par la racine ( video ) , Hack-it-n - Lucas Georges

Conférence | Synacktalk #1 (slides) ( video ) , Webinar - Aymeric Palhière , Renaud Feil , Renaud Dubourguais

Conférence | Pourquoi la cybersécurité a radicalement changé ? , Seald - Renaud Dubourguais

Conférence | Panorama des postes et compétences attendus , Cyber & Bretagne - Renaud Feil

Conférence | Product security - From the dark side to the light , Live Embedded Event - Tiphaine Romand-Latapie

2020

Conférence | No lightsaber is needed to break the Wookey , Live Embedded Event - David Berard

Conférence | This is for the pwners - exploiting a webkit 0-day in Playstation 4 ( video ) , BlackHat Europe 2020 - Quentin Meffre , Mehdi Talbi

Conférence | Tout faire à l’envers , If This Then Dev - Tiphaine Romand-Latapie

Conférence | No lightsaber is needed to break the Wookey ( video ) , Grehack 2020 - David Berard

Conférence | Say hello to my little shell ! ( video ) , Unlock your brain, Harden your system 2020 - Lucas Georges

Conférence | Interview Renaud Feil , NoLimitSecu - Renaud Feil

Conférence | Comment promouvoir la place des femmes dans le milieu de la cybersécurité ? , BFMTV - Tiphaine Romand-Latapie

Conférence | SpeedPwning VMware Workstation , Ekoparty 2020 - Bruno Pujos , Corentin Bayet

Conférence | IOMMU and DMA attacks , NorthSec 2020 - Jean-Christophe Delaunay

Conférence | Speedpwning VMware Workstation ( video ) , Ekoparty 2020 - Corentin Bayet , Bruno Pujos

Conférence | [SECHebdo] 28 juillet 2020 , Le Comptoir Sécu - Tiphaine Romand-Latapie

Conférence | The art of cyber crime, Windows Pools and Windows ARM64 exploitation (from 1:20:55) , OPCDE - Corentin Bayet , Paul Fariello

Conférence | Scoop the Windows 10 Pool! ( video , whitepaper ) , SSTIC 2020 - Corentin Bayet , Paul Fariello

Conférence | How to design a baseband debugger ( video , whitepaper ) , SSTIC 2020 - David Berard , Vincent Fargues

Conférence | RDP security: intercepting NLA authentication using CredSSPy ( video , whitepaper ) , SSTIC 2020 - Geoffrey Bertoli

Conférence | NorthSec 2020 , IOMMU and DMA attacks - Jean-Christophe Delaunay

Conférence | Binder and its vulnerabilities , THCON 2020 - Jean-Baptiste Cayrou

Conférence | Modern PHP security , Sec4Dev 2020 - Thomas Chauchefoin , Lena David

Conférence | Using static and dynamic binary analysis with ret-sync , Bière Sécu Bordeaux - Jean-Christophe Delaunay

Conférence | Exploitation of the FreeBSD kernel vulnerability CVE-2019-5602 , Bière Sécu Lyon - Mehdi Talbi

Conférence | With Machoc and victorious weapons, using CFG hashing for the lazy reverser , Bière Sécu Lyon - Tristan Pourcelot

Conférence | Pwn2Own Miami Day 3 Final Results (from 2:56) , Pwn2Own Miami - Lucas Georges

2019

Conférence | Reversing the firmware of an e-cigarette , Bière Sécu Toulouse - Samuel Chevet

Conférence | IOMMU and DMA attacks ( whitepaper ) , C&ESAR conference - , Jean-Christophe Delaunay

Conférence | Through the SMM-Glass , Bière Sécu Toulouse - Bruno Pujos

Conférence | V2G Injector - Whispering to cars and charging units through the Power-Line (extended version) , t2.fi infosec - Sébastien Dudek

Conférence | Time-travel Debugging , Rump'in Rennes 2019 - Samuel Chevet

Conférence | SF30th Hacking Edition : A journey into Moo , R2CON 2019 - Nicolas Correia

Conférence | Kerberos Unconstrained Delegation , Bière Sécu Toulouse - Nicolas Biscos

Conférence | The return of FAIFA and HomePlugPWN: Make Power-Line Communication hacks great again! , leHack 2019 - Sébastien Dudek

Conférence | Time-efficient assessment of open-source projects for Red Teamers , Pass the SALT 2019 - Thomas Chauchefoin , Julien Szlamowicz

Conférence | Wild pentesting - When a reverser does pentest... ( video ) , SSTIC 2019 - Fabien Perigaud

Conférence | SSTIC 2019 challenge conception , SSTIC 2019 - David Berard , Vincent Fargues

Conférence | DLL shell game and other misdirections ( video , whitepaper ) , SSTIC 2019 - Lucas Georges

Conférence | V2G Injector - Whispering to cars and charging units through the Power-Line ( video , whitepaper ) , SSTIC 2019 - Sébastien Dudek

Conférence | WEN ETA JB? A 2 million dollars problem ( video , whitepaper ) , SSTIC 2019 - Eloi Benoist-Vanderbeken , Fabien Perigaud

Conférence | Exploring the Limitations of 802.1x and Beyond , Infosecurity Europe - Florian Guilbert

Conférence | Modmobtools and tricks to assess devices using the mobile network (GPRS, UMTS and LTE) , Troopers NGI 2019, Research and Tinkering - Sébastien Dudek

Conférence | Android software KeyStore decryption (French) , Inter-CESTI - Thomas Etrillard , Julien Legras

Conférence | Riding the lightning: iLO 4&5 BMC security wrap-up , 1ns0mn1h4ck 2019 - Fabien Perigaud

Conférence | Modmobtools internals, updates, and more on tools used to assess mobile devices , Troopers Telco Sec Day 2019 - Sébastien Dudek

Conférence | macOS: how to gain root with CVE-2018-4193 in < 10s ( exploit code ) , OffensiveCon 2019 - Eloi Benoist-Vanderbeken

Conférence | Bypassing SMM-EP , Lightning talks at LSE - Bruno Pujos

2018

Conférence | Code Obfuscation 10**2+(2*a+3)%2, , JSecIN 2018 - Gaetan Ferry

Conférence | Turning your BMC into a revolving door , Zeronights 2018 - Fabien Perigaud

Conférence | PentHertz: The use of radio attacks during Red Team and pentests , Security PWNing 2018 - Sébastien Dudek

Conférence | Heapple Pie: macOS and iOS default heap , Sthack 2018 - Eloi Benoist-Vanderbeken

Conférence | Modmobjam, smart jamming with Software-Defined Radio , RUMPS SSTIC 2018 - Sébastien Dudek

Conférence | Backdooring your server through its BMC: the HPE iLO4 case , SSTIC 2018 - Fabien Perigaud

Conférence | Organisation of the SSTIC security challenge , SSTIC 2018 - Lucas Arrivé , Clément Berthaux

Conférence | Modmobmap, the modest mobile networks mapping tool , BeeRumP 2018 - Sébastien Dudek

Conférence | iOS/macOS 0-day^w48-hours , BeeRumP 2018 - Eloi Benoist-Vanderbeken

Conférence | Introduction to CTF competitions ( video ) , 42Born2Code - Lucas Arrivé , Corentin Bayet

Conférence | Subverting your server through its BMC: the HPE iLO4 case , Recon Brussels 2018 - Fabien Perigaud

2017

Conférence | TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery , GreHack 2017 - Clément Berthaux

Conférence | Cracking password hashes with Kraqozorus , OSSIR 2017 - Renaud Feil

Conférence | Windows 10 Pool Party, exploitation of a Kernel Pool buffer overflow on the last version of Windows 10 ( details ) , Nuit du Hack 2017 - Corentin Bayet

Conférence | Study of an unknown CPU , BeeRumP 2017 - Fabien Perigaud

Conférence | IDASuckLess ( Website ) , SSTIC 2017 - Eloi Benoist-Vanderbeken

Conférence | BeeRumP announcement , SSTIC 2017 - Eloi Benoist-Vanderbeken

Conférence | Psychological profiling and LinkedIn passwords , SSTIC 2017 - Jean-Christophe Delaunay

Conférence | Out-of-control cars! , SSTIC 2017 - Sébastien Dudek

Conférence | IoT Hacking - the case of Intercoms (with little updates since 33C3) , OSSIR afterwork - Sébastien Dudek

Conférence | Tools and techniques to remotely compromise and spy workstations , Ecole de Guerre Economique - Renaud Feil

Conférence | Turning a GPS-based dating application into a tracking system , ESIEA Secure Edition 2017 - Julien Legras , Julien Szlamowicz

Conférence | DPAPI exploitation during a pentest and password cracking , Univershell 2017 - Jean-Christophe Delaunay

Conférence | How to develop an unpacker: the StarForce case , Sthack 2017 - Eloi Benoist-Vanderbeken

Conférence | DPAPI exploitation during a pentest , Sthack 2017 - Jean-Christophe Delaunay

Conférence | Offline extraction of DPAPI-protected secrets , JSSI OSSIR 2017 - Jean-Christophe Delaunay

Conférence | WordPress security: hunting security bugs in a supermarket , Security Day 2017 - Thomas Chauchefoin

Conférence , Outils | Presentation of our pentesting toolkit ( Disconet , Houdini , Kraqozorus , Oursin ) , FIC 2017 - Nicolas Collignon , Renaud Feil

2016

Conférence | Intercoms Hackings, when frontdoors become backdoors - more detailed ( video ) , 33C3 Hamburg - Sébastien Dudek

Conférence | Challenge resolution and solution presentation , Grehack 2016 - Fabien Perigaud

Conférence | House intercoms attacks, when frontdoors become backdoors - including progress on 3G intercoms ( video ) , Hack.lu 2016 - Sébastien Dudek

Conférence | House intercoms attacks, when frontdoors become backdoors ( paper , video jamming , video spamming ) , Nuit du Hack 2016 - Sébastien Dudek

Conférence | Turning a GPS-based dating application into a tracking system , Nuit du Hack 2016 - Julien Legras , Julien Szlamowicz

Conférence | Hacking your printer , BeeRumP 2016 - Jean-Christophe Delaunay

Conférence | Cache attack, ECC, FRP256v1, backdoor, NIST, end of the world , BeeRumP 2016 - Eloi Benoist-Vanderbeken

Conférence | Switching to insecurity , BeeRumP 2016 - Nicolas Collignon

Conférence | UDP Just Opened , BeeRumP 2016 - Renaud Dubourguais

Conférence | Kerberom , BeeRumP 2016 - Jean-Christophe Delaunay

Conférence | Frida: How does it work? How to use it? ( video - french ) , OSSIR 2016 - Eloi Benoist-Vanderbeken

Conférence | Mobile communications: practical attacks using cheap equipment , Business France 2016 - Sébastien Dudek

Conférence | AJPy: AJP python library , SSTIC 2016 - Julien Legras

Conférence | Challenge resolution and solution presentation , SSTIC 2016 - Fabien Perigaud

Conférence | Near-Field Beer , SSTIC 2016 - Fabien Perigaud

Conférence | Podcast about Red Team penetration testing , NoLimitSecu 2016 - Renaud Feil

Conférence | Just you, PowerShell and the target? Challenge accepted ( demo ) , Sthack 2016 - Damien Picard

Conférence | Tools and techniques to compromise workstations , GS Days 2016 - Clément Berthaux , Renaud Feil

Conférence | Offensive use of PowerShell ( demo ) , GS Days 2016 - Damien Picard

Conférence | Feedback after 10 years of security audits , JSSI OSSIR 2016 - Renaud Feil

2015

Conférence | The Internet of Things is bad , SSTIC 2015 - Eloi Benoist-Vanderbeken

Conférence | HQL to SQL evasion ( video ) , SSTIC 2015 - Renaud Dubourguais

Conférence | Vulnerability research in embedded systems , ESIEA Secure Edition 2015 - Eloi Benoist-Vanderbeken

2014

Conférence | G-Jacking AppEngine-based applications , NoSuchCon 2014 - Nicolas Collignon

Conférence | Advanced password breaking (FR) , JSSI Rouen 2014 - Julien Legras

Conférence | HomePlugAV PLC: Practical attacks and backdooring , NoSuchCon 2014 - Sébastien Dudek

Conférence | NoSuchCon 2014 challenge , NoSuchCon 2014 - Eloi Benoist-Vanderbeken , Nicolas Collignon

Conférence | Bypassing IDS/IPS with the TCP Fast Open option ( PoC ) , SSTIC 2014 - Nicolas Collignon , Renaud Dubourguais

Conférence | Android 0dayz hunting, again , SSTIC 2014 - Fabien Perigaud

Conférence | G-Jacking AppEngine-based Applications , HITB Amsterdam 2014 - Nicolas Collignon , Samir Megueddem

Conférence | Tools and techniques for Red-Team penetration tests , JSSI OSSIR 2014 - Renaud Feil

2013

Conférence | Oracle TNS protocol hijacking , SSTIC 2013 - Nicolas Collignon

Conférence | WAF contest , JSSI OSSIR 2013 - Renaud Dubourguais , Renaud Feil

2012

Conférence | J2EE frameworks security: the birth of Expression Language injections , JSSI Rouen 2012 - Renaud Dubourguais

Conférence | Fuzzing the GSM Protocol Stack , Hack.lu 2012 - Sébastien Dudek

Conférence | The DevMode flag in Struts 2 , SSTIC 2012 - Renaud Dubourguais

Conférence | Criterium attack / QR-bit flip , SSTIC 2012 - Nicolas Collignon

Conférence | Android 0dayz hunting , SSTIC 2012 - Fabien Perigaud

Conférence | Hacking (and securing) JBoss AS , Security Day 2012 - Renaud Dubourguais

2011

Conférence | Pentests: exposing real world attacks , Security Day 2011 - Renaud Dubourguais

Conférence | Control-flow flattening and symbolic execution ( whitepaper ) , SSTIC 2011 - Eloi Benoist-Vanderbeken

2010

Conférence | Introduction to USRP: hardware, radio, digital processing, and GnuRadio , HackerzVoice 2010 - Sébastien Dudek

Conférence | TCP tunneling over RDP , SSTIC 2010 - Nicolas Collignon

Conférence | Exploiting and securing JBoss AS , SSTIC 2010 - Renaud Dubourguais

Conférence | Feedback on enterprise applications security , NetFocus - Nicolas Collignon

Conférence | Forensic and Software (Un)obfuscation , ECIW 2010 - Eloi Benoist-Vanderbeken

2009

Conférence | Webshells: how to have your network wide open , GS-Days 2009 - Renaud Dubourguais

Conférence | Shell over DTMF , SSTIC 2009 - Nicolas Collignon

2008

Conférence | VMware and virtualization security , OSSIR 2008 - Nicolas Collignon

2007

Conférence | Feedback on PHP code audits , Forum PHP 2007 - Nicolas Collignon

Conférence | Encrypting hostile web content over HTTP , SSTIC 2007 - Renaud Feil

Conférence | Evolution of CSRF attacks , SSTIC 2007 - Renaud Feil

Conférence | Discovering IPv6 networks , SSTIC 2007 - Nicolas Collignon

Conférence | Web 2.0: more ergonomic... and less secure? , JSSI OSSIR 2007 - Renaud Feil

2006

Conférence | Client-side vulnerabilities , SSTIC 2006 - Renaud Feil

Conférence | Impacts and threats around the IPv6 protocol , OSSIR 2006 - Nicolas Collignon

Conférence | IPv6: network security threats , IPv6 Worldwide Summit 2006 - Nicolas Collignon