Ressources
2025
Conférence | HopLa - From Manual to Turbo, x33fcon 2025 - Alexis Danizan
Conférence | Playing with reflective relay to discover new vulnerabilities: CVE-2025-33073, x33fcon 2025 - Wilfried Bécard
Conférence | Bypassing EDRs: SentinelOne agent analysis, x33fcon 2025 - Matthieu Barjole
Conférence | Analyzing the Windows kernel shadow stack mitigation (Vidéo), SSTIC 2025 - Rémi Jullian, Alexandre Aulnette
Conférence | Exploiter la distribution des politiques SCCM (Video), SSTIC 2025 - Quentin Roland
Conférence | Proxychains-UDP & BBS (Video), SSTIC 2025 - Hugo Clout
Conférence | Contournements EDR: SentinelOne (rump) (Video), SSTIC 2025 - Matthieu Barjole
Conférence | Azure Conditional Access Policies: A World of Wonders (Video), SSTIC 2025 - Paul Barbé, Matthieu Barjole
Conférence | Mofos : Framework de manipulation de machines virtuelles (Video), SSTIC 2025 - Florian Guilbert
Conférence | Retour d'expérience : Cryptographie post-quantique (Video), SSTIC 2025 - Antoine Gicquel, Alexandre Brenner
Conférence | Demystifying Objective-C internals, Sthack 2025 - Victor Cutillas
Conférence | Hooking Windows Named Pipes, Sthack 2025 - Thomas Borot
Conférence | Attacking the Tesla Wallconnector from its charge port connector, Sthack 2025 - David Berard
Conférence | Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024, Ambrosia 2025 - Baptiste Moine
2024
Conférence | Deep dive in Laravel encryption - GreHack 2024 (laravel-crypto-killer), Deep dive in Laravel encryption - GreHack 2024 - Rémi Matasse, Mickaël Benassouli
Conférence | Émulation et Fuzzing Black-Box avec Qiling, Bière Sécu Toulouse - Guillaume Chaudon
Conférence | Fixing Nintendo Switch for Fun and Profit?, SteakOverflow 2024 - Baptiste Moine
Conférence | A Journey to Pwn2Own Toronto 2023, SteakOverflow 2024 - Baptiste Moine, Romain Jouet
Conférence | 0-click RCE on Tesla Model 3 through TPMS Sensors, Hexacon 2024 - David Berard, Thomas Imbert, Vincent Dehors
Conférence | Tale of RCE in video game (demo video), Hexacon 2024 - Thomas Dubier
Conférence | Juicing Up the Autel EV Charger: Insights from Pwn2Own Automotive, Sthack 2024 - Vincent Fargues, Aymeric Palhière
Conférence | Attacking the FreeBSD Hypervisor, Warcon VI - Mehdi Talbi
Conférence | COM DLL Hijacking with DLHell, x33fcon 2024 - Kevin Tellier
Conférence | Open Sesame : smashing stacks into opening doors (demo video), Recon 2024 - Lucas Georges
Conférence | Say hello to your new cache flow, Troopers 2024 - Rémi Jullian, Geoffrey Bertoli, Théo Gordyjan
Conférence | Frinet: Reverse-engineering using Frida & Tenet (video), SSTIC 2024 - Louis Jacotot, Martin Perrier
Conférence | ntdissector, a swiss-army knife for your NTDS files (article, video), SSTIC 2024 - Mehdi Elyassa, Julien Legras
Conférence | Red teaming like an APT, a MobileIron 0-day exploit chain (article, video), SSTIC 2024 - Mehdi Elyassa
Conférence | Apache Guacamole - Extract credz (video), SSTIC 2024 (Rump) - Antoine Cervoise
Conférence | Exploiting American Conquest (video), Bière Sécu Rennes - Thomas Dubier
Conférence | Open Sesame : smashing stacks into opening doors (demo video), OffensiveCon 2024 - Lucas Georges
Conférence | Escaping the Safari Sandbox: A Tour of Webkit IPC, OffensiveCon 2024 - Quentin Meffre
Conférence | 0-Click RCE on the Tesla Infotainment Through Cellular Network, OffensiveCon 2024 - David Berard, Vincent Dehors
Conférence | THCon 2024 How to voltage fault injection, THCon 2024 - Théo Gordyjan
Conférence | Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt, CVE-2023-2612, THCon 2024 - Jean-Baptiste Cayrou
Conférence | Dangerous cheap hw hacking, Bière Sécu Bordeaux - Jean-Christophe Delaunay
Conférence | Solution du challenge, THCon 2024 - Fabien Perigaud
Conférence | WP n'a de protected que le nom, HackSecuReims 2024 - Paul Viel
Conférence | Trois ans de pwn2own, FIC 2024 - Kevin Denis
Conférence | Investigations à distance sur sauvegardes Veeam, FIC 2024 - Maxence Fossat
Autre | Tiphaine Romand-Latapie's Interview, OBS.IONS.TECH - Tiphaine Romand-Latapie
Conférence | Entretien avec Romain Huon, DSI de Synacktiv, Podcast CyberRadio.tv - Romain Huon
2023
Conférence | Exploiting Diablo I (video), Bière Sécu Rennes - Thomas Dubier
Revue | Les casiers de livraison Amazon ciblés par une nouvelle arnaque , JT 20h TF1 - Renaud Feil
Conférence | Unlocking the Drive Exploiting Tesla Model 3 (video), Grehack 2023 - David Berard, Vincent Dehors
Conférence | Unlocking the Drive Exploiting Tesla Model 3, Codeblue 2023 - David Berard, Vincent Dehors
Conférence | Ubuntu Shiftfs: Unbalanced Unlock Exploitation Attempt, CVE-2023-2612 (video), Grehack 2023 - Jean-Baptiste Cayrou
Conférence | Virtualization from an attacker point of view (video), Grehack 2023 - Corentin Bayet, Thomas Bouzerar
Revue | Azure AD et la sécurité, Programmez magazine - Théo Louis-Tisserand, Aymeric Palhière, Arnaud Pilon
Conférence | Breaking out of the box, Hexacon 2023 - Thomas Bouzerar, Thomas Imbert
Conférence | Finding and Exploiting an Old XNU Logic Bug (video, exploit code), Hexacon 2023 - Eloi Benoist-Vanderbeken
Conférence | Entretien avec Arnaud Pilon, NIS 2 : pourquoi, pour qui, pour quand ? - Arnaud Pilon
Conférence | Windows Kernel Security - A Deep Dive into Two Exploits Demonstrated at Pwn2Own, HITBSecConf2023 - Phuket - Thomas Imbert
Conférence | Compiling Responder (video), Pass The Salt 2023 (Rump) - Antoine Cervoise
Conférence | I hack U-Boot (video), Pass The Salt 2023 (Rump) - Théo Gordyjan
Conférence | PHP filter chains: How to use it (video), Pass The Salt 2023 - Rémi Matasse
Conférence | The Good, the Bad, and the Secure: a pentester's journey daily driving Qubes OS (video), Pass The Salt 2023 - Pierre Milioni
Conférence | Equity in TCP (video), Pass The Salt 2023 (Rump) - Antoine Gicquel
Conférence | Strings deobfuscation in pseudocode with microcode manipulation (video), Pass The Salt 2023 (Rump) - Quentin Salingue
Conférence | Pwn by abandonware (video), LeHack 2023 - Antoine Cervoise, Romain Huon
Conférence | Security of connected cars - with Tesla as example (video, article), SSTIC 2023 - David Berard, Vincent Dehors
Conférence | Recherche de vulnérabilités à l’aide d’outil d’analyse automatique de code - slides (video), SSTIC 2023 - Kevin Denis
Conférence | DMA practical attacks, Sthack 2023 - Antoine Cervoise, Jean-Christophe Delaunay
Conférence | DLP bypass for Boomers, Sthack 2023 (Rump) - Antoine Cervoise
Conférence | A study on Windows authentication over HTTP & Prox-Ez (video), THCON 2023 - Pierre Milioni, Geoffrey Bertoli
Conférence | The Android Security Model, THCON 2023 - Jean-Baptiste Cayrou
Conférence | Automating the extraction of secrets stored inside CI/CD systems (video), THCON 2023 - Hugo Vincent, Théo Louis-Tisserand
Conférence | Solution du challenge, THCon 2023 - Fabien Perigaud
Conférence | Fouillons les poubelles !, HackSecuReims 2023 - Antoine Cervoise
Conférence | Attaques DMA, NoLimitSecu - Antoine Cervoise, Jean-Christophe Delaunay
2022
Conférence | A journey to pwn and own the Sonos One Speaker, Blackalps 2022 - David Berard
Conférence | The printer goes brrrrr, BlackAlps 2022 - Mehdi Talbi, Rémi Jullian, Thomas Jeunet
Conférence | Attacking Safari in 2022, Hexacon 2022 - Quentin Meffre
Conférence | I feel a draft. Opening the doors and windows: 0-click RCE on the Tesla Model3, Hexacon 2022 - David Berard, Vincent Dehors
Conférence | Croissantez vos collègues avec adb, BeeRump 2022 - Clément Berthaux
Conférence | Pwn2Own Vancouver 2022, NoLimitSecu - David Berard, Vincent Dehors
Conférence | Faire bonne impression à pwn2own: RCE sur imprimantes HP et Lexmark, Barbhack 2022 - David Berard, Vincent Fargues, Thomas Imbert
Conférence | Dissecting NTLM EPA & building a MitM proxy (video), PassTheSalt 2022 - Pierre Milioni
Conférence | Finding Java deserialization gadgets with CodeQL (video), PassTheSalt 2022 - Hugo Vincent
Conférence | MobSF for penetration testers (video), PassTheSalt 2022 - Antoine Cervoise, Mickaël Benassouli
Conférence | Pwning a Netgear router from WAN - MitM style, LeHack 2022 - Kevin Denis, Antide Petit
Conférence | An Apple a day keeps the exploiter away (vidéo, article), SSTIC 2022 - Eloi Benoist-Vanderbeken, Fabien Perigaud
Conférence | Ica2Tcp : Un proxy SOCKS pour Citrix (vidéo, article), SSTIC 2022 - Hugo Clout
Conférence | Suprême TTD - That's my PPL (vidéo), SSTIC 2022 - Lucas Georges
Conférence | Surface d’attaque des solutions Active Directory Self-Service (vidéo), SSTIC 2022 - Antoine Cervoise, Wilfried Bécard
Conférence | Fouillons les poubelles !, ESE 2022 - Antoine Cervoise
Conférence | Rooting Samsung Q60T Smart TV, STHACK2022 - Vincent Fargues, Jérémie Boutoille
Conférence | Real hackers don't leave dtrace (video), Sthack 2022 - Eloi Benoist-Vanderbeken
Conférence | The printer goes brrrrr, CanSecWest 2022 - Mehdi Talbi, Thomas Jeunet, Rémi Jullian
Conférence | Pwn2Owning the TPLINK Archer A7, THCON2022 - Kevin Denis
Conférence | Android Encryption, THCON 2022 - Jean-Baptiste Cayrou
2021
Conférence | Synacktalk #3 (video) (download), Webinar - feedbacks on pwn2own - Elodie Grisé, Benoît Lamiré, David Berard, Etienne Helluy-Lafont, Rémi Jullian
Conférence | AEGE Presentation, AEGE 2021 - Arnaud Pilon
Conférence | Cannibal Hacking, Hack In Paris 2021 - Kevin Denis
Conférence | Rooting Samsung Q60T Smart TV, GreHack 2021 - Vincent Fargues, Jérémie Boutoille
Conférence | Jailbreak detection mechanisms and how to bypass them, Sthack 2021 - Eloi Benoist-Vanderbeken
Conférence | Discovering and exploiting a kernel pool overflow on modern Windows 10, Sthack 2021 - Fabien Perigaud
Conférence | Pwn2Own'ing the TP-Link Archer A7, Barbhack 2021 - Kevin Denis, Thomas Chauchefoin
Conférence | HPE iLO 5 security: Go home cryptoprocessor, you’re drunk! (video), BlackHat USA 2021 - Fabien Perigaud
Conférence | AppFailLauncher, Bière Sécu Toulouse - Thomas Imbert
Conférence | Slides - Jailbreak detection mechanisms and how to bypass them (video), Pass The Salt 2021 - Eloi Benoist-Vanderbeken
Revue | Comment les spécialistes de l’intrusion percent les coffres-forts numériques, Article de journal - The Team
Conférence | Zombies ate my printer’s ink, THCON 2021 - Rémi Jullian
Conférence | Synacktalk #2 (slides) (video), Webinar - Elodie Grisé, Benoît Lamiré, Tiphaine Romand-Latapie
Conférence | The security of SD-WAN: the Cisco case (video, whitepaper), SSTIC 2021 - Julien Legras
Conférence | HPE iLO 5 security: Go home cryptoprocessor, you’re drunk! (video, whitepaper), SSTIC 2021 - Fabien Perigaud
Conférence | Vous avez obtenu un trophée : PS4 jailbreaké (video, whitepaper), SSTIC 2021 - Mehdi Talbi, Quentin Meffre
Conférence | Manger mes dossiers par la racine (video), Hack-it-n - Lucas Georges
Outils | HopLa, Autocompletion support and useful payloads in Burp Suite - Alexis Danizan
Conférence | Synacktalk #1 (slides) (video), Webinar - Aymeric Palhière, Renaud Feil, Renaud Dubourguais
Outils | .NIET, IDA Pro plugin for .NET Native symbols resolution - Jean-Christophe Delaunay
Conférence | Panorama des postes et compétences attendus, Cyber & Bretagne - Renaud Feil
Conférence | Product security - From the dark side to the light, Live Embedded Event - Tiphaine Romand-Latapie
2020
Conférence | No lightsaber is needed to break the Wookey, Live Embedded Event - David Berard
Conférence | This is for the pwners - exploiting a webkit 0-day in Playstation 4 (video), BlackHat Europe 2020 - Quentin Meffre, Mehdi Talbi
Conférence | Tout faire à l’envers, If This Then Dev - Tiphaine Romand-Latapie
Conférence | No lightsaber is needed to break the Wookey (video), Grehack 2020 - David Berard
Conférence | Say hello to my little shell ! (video), Unlock your brain, Harden your system 2020 - Lucas Georges
Conférence | Interview Renaud Feil, NoLimitSecu - Renaud Feil
Conférence | Comment promouvoir la place des femmes dans le milieu de la cybersécurité ?, BFMTV - Tiphaine Romand-Latapie
Conférence | SpeedPwning VMware Workstation, Ekoparty 2020 - Bruno Pujos, Corentin Bayet
Conférence | IOMMU and DMA attacks, NorthSec 2020 - Jean-Christophe Delaunay
Conférence | Speedpwning VMware Workstation (video), Ekoparty 2020 - Corentin Bayet, Bruno Pujos
Conférence | [SECHebdo] 28 juillet 2020, Le Comptoir Sécu - Tiphaine Romand-Latapie
Revue | Popular Chinese-Made Drone Is Found to Have Security Weakness, The New York Times - The Team
Conférence | The art of cyber crime, Windows Pools and Windows ARM64 exploitation (from 1:20:55), OPCDE - Corentin Bayet, Paul Fariello
Conférence | Scoop the Windows 10 Pool! (video, whitepaper), SSTIC 2020 - Corentin Bayet, Paul Fariello
Conférence | How to design a baseband debugger (video, whitepaper), SSTIC 2020 - David Berard, Vincent Fargues
Conférence | RDP security: intercepting NLA authentication using CredSSPy (video, whitepaper), SSTIC 2020 - Geoffrey Bertoli
Conférence | NorthSec 2020, IOMMU and DMA attacks - Jean-Christophe Delaunay
Conférence | Binder and its vulnerabilities, THCON 2020 - Jean-Baptiste Cayrou
Revue | Classification of browser vulnerabilities, MISC Magazine 108 - Quentin Meffre
Revue | In-depth security measures of Safari in iOS, MISC Magazine 108 - Fabien Perigaud
Revue | Source code assessment during Red Teams?, MISC Magazine 108 - Julien Szlamowicz
Conférence | Using static and dynamic binary analysis with ret-sync, Bière Sécu Bordeaux - Jean-Christophe Delaunay
Conférence | Modern PHP security, Sec4Dev 2020 - Thomas Chauchefoin, Lena David
Conférence | With Machoc and victorious weapons, using CFG hashing for the lazy reverser, Bière Sécu Lyon - Tristan Pourcelot
Conférence | Exploitation of the FreeBSD kernel vulnerability CVE-2019-5602, Bière Sécu Lyon - Mehdi Talbi
Conférence | Pwn2Own Miami Day 3 Final Results (from 2:56), Pwn2Own Miami - Lucas Georges
Autre | 3 Windows kernel exploitation challenges on Root-Me, Root-Me Windows kernel challenges - Rémi Jullian
2019
Conférence | Reversing the firmware of an e-cigarette, Bière Sécu Toulouse - Samuel Chevet
Conférence | IOMMU and DMA attacks (whitepaper), C&ESAR conference - , Jean-Christophe Delaunay
Conférence | Through the SMM-Glass, Bière Sécu Toulouse - Bruno Pujos
Revue | A look inside Raspberry Pi hardware decoders licenses, Paged Out! #2 - Fabien Perigaud
Revue | Privilege escalation on macOs with CVE-2018-4193, MISC Magazine 106 - Eloi Benoist-Vanderbeken
Outils | IDA Plugin: VMX Intrinsics, IDA plugin - Samuel Chevet
Conférence | V2G Injector - Whispering to cars and charging units through the Power-Line (extended version), t2.fi infosec - Sébastien Dudek
Conférence | Time-travel Debugging, Rump'in Rennes 2019 - Samuel Chevet
Conférence | SF30th Hacking Edition : A journey into Moo, R2CON 2019 - Nicolas Correia
Conférence | Kerberos Unconstrained Delegation, Bière Sécu Toulouse - Nicolas Biscos
Conférence | The return of FAIFA and HomePlugPWN: Make Power-Line Communication hacks great again!, leHack 2019 - Sébastien Dudek
Conférence | Time-efficient assessment of open-source projects for Red Teamers, Pass the SALT 2019 - Thomas Chauchefoin, Julien Szlamowicz
Conférence | DLL shell game and other misdirections (video, whitepaper), SSTIC 2019 - Lucas Georges
Conférence | SSTIC 2019 challenge conception, SSTIC 2019 - David Berard, Vincent Fargues
Conférence | Wild pentesting - When a reverser does pentest... (video), SSTIC 2019 - Fabien Perigaud
Conférence | V2G Injector - Whispering to cars and charging units through the Power-Line (video, whitepaper), SSTIC 2019 - Sébastien Dudek
Conférence | WEN ETA JB? A 2 million dollars problem (video, whitepaper), SSTIC 2019 - Eloi Benoist-Vanderbeken, Fabien Perigaud
Autre | SSRF, reflected XSS and cryptographic signature bypass in w3-total-cache, Patch - Thomas Chauchefoin
Conférence | Exploring the Limitations of 802.1x and Beyond, Infosecurity Europe - Florian Guilbert
Outils | V2G Injector, Software to monitor and test Vehicle-to-Grid (V2G) systems like vehicles' ECU and charging station - Sébastien Dudek
Conférence | Modmobtools and tricks to assess devices using the mobile network (GPRS, UMTS and LTE), Troopers NGI 2019, Research and Tinkering - Sébastien Dudek
Conférence | Android software KeyStore decryption (French), Inter-CESTI - Thomas Etrillard, Julien Legras
Conférence | Riding the lightning: iLO 4&5 BMC security wrap-up, 1ns0mn1h4ck 2019 - Fabien Perigaud
Outils | Metasploit module for CVE-2019-8942, WordPress Arbitrary Code Execution - Wilfried Bécard
Conférence | Modmobtools internals, updates, and more on tools used to assess mobile devices, Troopers Telco Sec Day 2019 - Sébastien Dudek
Outils | Kerberos TGS Rep enctype 17 (AES128-CTS-HMAC-SHA1-96) and enctype 18 (AES256-CTS-HMAC-SHA1-96) implementation (Twitter), Hashcat - Jean-Christophe Delaunay
Conférence | macOS: how to gain root with CVE-2018-4193 in < 10s (exploit code), OffensiveCon 2019 - Eloi Benoist-Vanderbeken
Conférence | Bypassing SMM-EP, Lightning talks at LSE - Bruno Pujos
Revue | Attacking mobile devices from GPRS to LTE, MISC Magazine HS 19 - Sébastien Dudek
Autre | Defeating NotPetya from your iLO4, Defeating NotPetya from your iLO4 - Fabien Perigaud
2018
Conférence | Code Obfuscation 10**2+(2*a+3)%2,, JSecIN 2018 - Gaetan Ferry
Conférence | Turning your BMC into a revolving door, Zeronights 2018 - Fabien Perigaud
Conférence | PentHertz: The use of radio attacks during Red Team and pentests, Security PWNing 2018 - Sébastien Dudek
Conférence | Heapple Pie: macOS and iOS default heap, Sthack 2018 - Eloi Benoist-Vanderbeken
Outils | search_offsets_DMA.py, Script to extract the offsets needed to unlock Windows with a DMA attack - Jean-Christophe Delaunay
Outils | Modmobjam, Perfoms smart-jamming attacks on specific mobile cells - Sébastien Dudek
Conférence | Modmobjam, smart jamming with Software-Defined Radio, RUMPS SSTIC 2018 - Sébastien Dudek
Conférence | Backdooring your server through its BMC: the HPE iLO4 case, SSTIC 2018 - Fabien Perigaud
Outils | Modmobmap, Collects 2G/3G and 4G mobile cells information - Sébastien Dudek
Conférence | Organisation of the SSTIC security challenge, SSTIC 2018 - Lucas Arrivé, Clément Berthaux
Conférence | Modmobmap, the modest mobile networks mapping tool, BeeRumP 2018 - Sébastien Dudek
Conférence | iOS/macOS 0-day^w48-hours, BeeRumP 2018 - Eloi Benoist-Vanderbeken
Conférence | Introduction to CTF competitions (video), 42Born2Code - Lucas Arrivé, Corentin Bayet
Outils | Publication of AJPy in Debian repositories, AJPy - Julien Legras
Revue | Red Team: think like an attacker!, Global Security Mag (page 18) - Renaud Feil
Revue | Exploitation of a vulnerability in Linux's implementation of the waitid syscall (CVE-2017-5123), MISC Magazine 96 - Thomas Chauchefoin, Julien Egloff
Conférence | Subverting your server through its BMC: the HPE iLO4 case, Recon Brussels 2018 - Fabien Perigaud
2017
Conférence | TSIGKILL: Bypassing dynamic DNS updates authentication through signature forgery, GreHack 2017 - Clément Berthaux
Conférence | Cracking password hashes with Kraqozorus, OSSIR 2017 - Renaud Feil
Revue | Radio communication penetration testing, MISC Magazine HS 16 - Sébastien Dudek
Revue | Vault 7: analysis of Marble, the CIA code obfuscation framework, MISC Magazine 93 - Thomas Chauchefoin
Revue | Exploiting Django template injections, MISC Magazine 93 - Clément Berthaux
Outils | Juniper decrypt, Script to decrypt Juniper screenOS encrypted passwords and keys - Fabien Perigaud
Revue | Frida: the swiss-knife of multi-platform dynamic analysis, MISC Magazine 92 - Eloi Benoist-Vanderbeken
Outils,Avis de sécurité | CVE-2017-6008 exploit, Multiple vulnerabilities in the security solution HitmanPro of Sophos: CVE-2017-6007, CVE-2017-6008 and CVE-2017-7441 - Corentin Bayet
Conférence | Windows 10 Pool Party, exploitation of a Kernel Pool buffer overflow on the last version of Windows 10 (details), Nuit du Hack 2017 - Corentin Bayet
Conférence | Study of an unknown CPU, BeeRumP 2017 - Fabien Perigaud
Outils | Hashcat, Support for cracking DPAPI masterkey files from Windows XP to Windows 10 - Jean-Christophe Delaunay
Conférence | Psychological profiling and LinkedIn passwords, SSTIC 2017 - Jean-Christophe Delaunay
Conférence | Out-of-control cars!, SSTIC 2017 - Sébastien Dudek
Conférence | BeeRumP announcement, SSTIC 2017 - Eloi Benoist-Vanderbeken
Conférence | IDASuckLess (Website), SSTIC 2017 - Eloi Benoist-Vanderbeken
Conférence | IoT Hacking - the case of Intercoms (with little updates since 33C3), OSSIR afterwork - Sébastien Dudek
Conférence | Tools and techniques to remotely compromise and spy workstations, Ecole de Guerre Economique - Renaud Feil
Conférence | Turning a GPS-based dating application into a tracking system, ESIEA Secure Edition 2017 - Julien Legras, Julien Szlamowicz
Outils | eBPF IDA, an IDA processor for eBPF bytecode - Clément Berthaux
Conférence | DPAPI exploitation during a pentest and password cracking, Univershell 2017 - Jean-Christophe Delaunay
Outils | John The Ripper, Support for cracking DPAPI masterkey files from Windows XP to Windows 10 - Jean-Christophe Delaunay
Autre | Write-up of the SSTIC 2017 challenge, SSTIC 2017 - Clément Berthaux
Conférence | How to develop an unpacker: the StarForce case, Sthack 2017 - Eloi Benoist-Vanderbeken
Conférence | DPAPI exploitation during a pentest, Sthack 2017 - Jean-Christophe Delaunay
Conférence | Offline extraction of DPAPI-protected secrets, JSSI OSSIR 2017 - Jean-Christophe Delaunay
Conférence | WordPress security: hunting security bugs in a supermarket, Security Day 2017 - Thomas Chauchefoin
Conférence,Outils | Presentation of our pentesting toolkit (Disconet, Houdini, Kraqozorus, Oursin), FIC 2017 - Nicolas Collignon, Renaud Feil
2016
Conférence | Intercoms Hackings, when frontdoors become backdoors - more detailed (video), 33C3 Hamburg - Sébastien Dudek
Outils | Hashcat, Kerberos TGS Rep enctype 23, AxCrypt, AxCrypt in-memory secrets and Keepass version 1 and version 2 with or without "keyfile" implementations - Jean-Christophe Delaunay
Conférence | Challenge resolution and solution presentation, Grehack 2016 - Fabien Perigaud
Conférence | House intercoms attacks, when frontdoors become backdoors - including progress on 3G intercoms (video), Hack.lu 2016 - Sébastien Dudek
Revue | Bypassing AppLocker using Powershell, MISC Magazine 87 - Damien Picard
Conférence | House intercoms attacks, when frontdoors become backdoors (paper, video jamming, video spamming), Nuit du Hack 2016 - Sébastien Dudek
Conférence | Turning a GPS-based dating application into a tracking system, Nuit du Hack 2016 - Julien Legras, Julien Szlamowicz
Outils | AJPy, AJP python library - Julien Legras
Conférence | Kerberom, BeeRumP 2016 - Jean-Christophe Delaunay
Conférence | Cache attack, ECC, FRP256v1, backdoor, NIST, end of the world, BeeRumP 2016 - Eloi Benoist-Vanderbeken
Conférence | Switching to insecurity, BeeRumP 2016 - Nicolas Collignon
Conférence | UDP Just Opened, BeeRumP 2016 - Renaud Dubourguais
Conférence | Hacking your printer, BeeRumP 2016 - Jean-Christophe Delaunay
Conférence | Frida: How does it work? How to use it? (video - french), OSSIR 2016 - Eloi Benoist-Vanderbeken
Conférence | Mobile communications: practical attacks using cheap equipment, Business France 2016 - Sébastien Dudek
Conférence | AJPy: AJP python library, SSTIC 2016 - Julien Legras
Conférence | Near-Field Beer, SSTIC 2016 - Fabien Perigaud
Conférence | Challenge resolution and solution presentation, SSTIC 2016 - Fabien Perigaud
Outils | AxSuite, retrieve in-memory secrets saved by AxCrypt - Jean-Christophe Delaunay
Outils | Kerberom, retrieve ARC4-HMAC'ed encrypted Tickets Granting Service (TGS) of accounts having a Service Principal Name (SPN) within an Active Directory - Jean-Christophe Delaunay
Outils | Cisco ACS Repo Decrypt, decrypt Cisco ACS repository passwords - Nicolas Collignon
Outils | des26 SAP ITS Decrypt, decrypt des26 SAP ITS (Internet Transaction Server) passwords - Eloi Benoist-Vanderbeken
Outils | VanDyke SecureCRT Decrypt, decrypt SSH passwords stored in VanDyke SecureCRT session files - Eloi Benoist-Vanderbeken
Conférence | Podcast about Red Team penetration testing, NoLimitSecu 2016 - Renaud Feil
Revue | Attacking a Windows network with Responder, MISC Magazine 85 - Gaetan Ferry
Conférence | Just you, PowerShell and the target? Challenge accepted (demo), Sthack 2016 - Damien Picard
Conférence | Tools and techniques to compromise workstations, GS Days 2016 - Clément Berthaux, Renaud Feil
Conférence | Offensive use of PowerShell (demo), GS Days 2016 - Damien Picard
Outils | John The Ripper (extractor), Keepass key-files support and extractor - Jean-Christophe Delaunay
Conférence | Feedback after 10 years of security audits, JSSI OSSIR 2016 - Renaud Feil
Autre | Authenticated Remote Code Execution in Sentry, Security vulnerability - Clément Berthaux
Outils | John The Ripper (extractor), AxCrypt support and extractor - Jean-Christophe Delaunay
2015
Revue | Packers and anti-virus, MISC Magazine HS 12 - Eloi Benoist-Vanderbeken
Revue | Red Team penetration tests: evolution and challenge, MISC Magazine HS 12 - Renaud Feil
Revue | Techniques and tools to compromise desktops, MISC Magazine HS 12 - Clément Berthaux
Revue | Physical and logical penetration testing, MISC Magazine 80 - Renaud Feil
Revue | Discovery and reliable exploitation of an XXE vulnerability in the Drupal Services module, MISC Magazine 80 - Renaud Dubourguais
Conférence | The Internet of Things is bad, SSTIC 2015 - Eloi Benoist-Vanderbeken
Conférence | HQL to SQL evasion (video), SSTIC 2015 - Renaud Dubourguais
Conférence | Vulnerability research in embedded systems, ESIEA Secure Edition 2015 - Eloi Benoist-Vanderbeken
Revue | PlugX: analysis of a RAT, MISC Magazine 79 - Fabien Perigaud
Revue | Crack user data on the Blackphone, 01net - Sébastien Dudek
Revue | Using reverse engineering skills during a penetration test: practical cases, MISC Magazine 78 - Eloi Benoist-Vanderbeken
Revue | Using a password cracking tool: John the Ripper, GNU/Linux Magazine HS 76 - Julien Legras
2014
Conférence | G-Jacking AppEngine-based applications, NoSuchCon 2014 - Nicolas Collignon
Conférence | Advanced password breaking (FR), JSSI Rouen 2014 - Julien Legras
Conférence | HomePlugAV PLC: Practical attacks and backdooring, NoSuchCon 2014 - Sébastien Dudek
Conférence | NoSuchCon 2014 challenge, NoSuchCon 2014 - Eloi Benoist-Vanderbeken, Nicolas Collignon
Conférence | Bypassing IDS/IPS with the TCP Fast Open option (PoC), SSTIC 2014 - Nicolas Collignon, Renaud Dubourguais
Conférence | Android 0dayz hunting, again, SSTIC 2014 - Fabien Perigaud
Conférence | G-Jacking AppEngine-based Applications, HITB Amsterdam 2014 - Nicolas Collignon, Samir Megueddem
Autre | Writeup for dosfun4u, DEFCON CTF quals 2014 - Eloi Benoist-Vanderbeken
Outils | Ethercomm, PoC to reactivate the TCP/32764 backdoor - Eloi Benoist-Vanderbeken
Conférence | Tools and techniques for Red-Team penetration tests, JSSI OSSIR 2014 - Renaud Feil
Outils | SAP SecStore Decrypt, SAP SecStore decryption - Nicolas Collignon
Autre | The Eye of the Tiger, Whitepaper on an APT - Fabien Perigaud
Revue | Discovery and exploitation of a vulnerability in Windows XP USB stack, MISC Magazine 71 - Fabien Perigaud
Outils | Dissipe, Sage ERP X3 internal passwords decryption - Nicolas Collignon
2013
Autre | JSF ViewState upside-down, Whitepaper - Nicolas Collignon, Renaud Dubourguais
Outils | InYourFace, JSF ViewState tampering - Renaud Dubourguais, Nicolas Collignon
Conférence | Oracle TNS protocol hijacking, SSTIC 2013 - Nicolas Collignon
Revue | Pentesting JBoss AS in 2013, MISC Magazine 67 - Renaud Dubourguais
Revue | MySQL DBMS memory exploitation (CVE-2012-5611), MISC Magazine 67 - Samir Megueddem
Outils | jimmix, remote administration tool for JBoss AS using the JMXInvoker - Renaud Dubourguais
Conférence | WAF contest , JSSI OSSIR 2013 - Renaud Dubourguais, Renaud Feil
2012
Conférence | J2EE frameworks security: the birth of Expression Language injections, JSSI Rouen 2012 - Renaud Dubourguais
Conférence | Fuzzing the GSM Protocol Stack, Hack.lu 2012 - Sébastien Dudek
Autre | Solution for the ESET BlackHat US Challenge, Whitepaper - Eloi Benoist-Vanderbeken
Revue | Applicative security in Linux, MISC Magazine 62 - Sébastien Dudek
Conférence | Criterium attack / QR-bit flip, SSTIC 2012 - Nicolas Collignon
Conférence | The DevMode flag in Struts 2, SSTIC 2012 - Renaud Dubourguais
Conférence | Android 0dayz hunting, SSTIC 2012 - Fabien Perigaud
Autre | Solving the SSTIC challenge, SSTIC 2012 - Eloi Benoist-Vanderbeken
Conférence | Hacking (and securing) JBoss AS, Security Day 2012 - Renaud Dubourguais
Revue | Android local root: stable exploitation of the CVE-2011-3874 vulnerability, MISC Magazine 61 - Fabien Perigaud
2011
Outils | BlueBerry, BlackBerry Enterprise Server passwords decryption - Nicolas Collignon
Conférence | Pentests: exposing real world attacks, Security Day 2011 - Renaud Dubourguais
Conférence | Control-flow flattening and symbolic execution (whitepaper), SSTIC 2011 - Eloi Benoist-Vanderbeken
Autre | Hackito Ergo Sum Crackme, Hackito Ergo Sum 2011 - Eloi Benoist-Vanderbeken
2010
Outils | rdp2tcp, TCP tunneling over RDP - Nicolas Collignon
Conférence | Introduction to USRP: hardware, radio, digital processing, and GnuRadio, HackerzVoice 2010 - Sébastien Dudek
Autre | In memory extraction of SSL keys, Whitepaper - Nicolas Collignon
Conférence | TCP tunneling over RDP, SSTIC 2010 - Nicolas Collignon
Conférence | Exploiting and securing JBoss AS, SSTIC 2010 - Renaud Dubourguais
Conférence | Feedback on enterprise applications security, NetFocus - Nicolas Collignon
Conférence | Forensic and Software (Un)obfuscation, ECIW 2010 - Eloi Benoist-Vanderbeken
2009
Conférence | Webshells: how to have your network wide open, GS-Days 2009 - Renaud Dubourguais
Conférence | Shell over DTMF, SSTIC 2009 - Nicolas Collignon
2007
Conférence | Feedback on PHP code audits, Forum PHP 2007 - Nicolas Collignon
Revue | Evolution of Cross Site Request Forgery attacks, Journal In Computer Virology - Renaud Feil
Conférence | Encrypting hostile web content over HTTP, SSTIC 2007 - Renaud Feil
Conférence | Evolution of CSRF attacks, SSTIC 2007 - Renaud Feil
Conférence | Discovering IPv6 networks, SSTIC 2007 - Nicolas Collignon
Conférence | Web 2.0: more ergonomic... and less secure?, JSSI OSSIR 2007 - Renaud Feil
2006
Conférence | Client-side vulnerabilities, SSTIC 2006 - Renaud Feil
Conférence | Impacts and threats around the IPv6 protocol, OSSIR 2006 - Nicolas Collignon
Conférence | IPv6: network security threats, IPv6 Worldwide Summit 2006 - Nicolas Collignon