I am a security researcher with a particular interest in application security. With a background in offensive security, I am at my happiest when breaking through all kinds of things.
Contact
Location
Normandie FR
Work
SonarSource
Application Security Researcher
Researching and specifying security rules to feed the SAST engines of Sonar products.
- Languages and framework security research.
- Detection rules design.
- Proofs of concept and prototypes.
Synacktiv
Security expert
Penetration tester and offensive security auditor position. Missions for a wide variety of customers and topics.
- Adversary simulation.
- Vulnerability research.
- Pentest team R&D lead.
- Offensive security tooling.
- Applied cryptography specialist.
Rouen University
Independent contractor
Web application security course for final-year Master's degree students.
Intrinsec
Security analyst intern
Security analyst inside Intrinsec CERT. Research and development around malware analysis and threat intelligence.
- Honeypot development, deployment, and data analysis.
- Malware analysis.
- Incident response.
Publications
Juliet C# Benchmark and the SecureString case
Feedback post about the Juliet C# SAST benchmark suite with a study of SecureString-related test cases.
CVE-2022-31813: Forwarding addresses is hard
Write-up about CVE-2022-31813, which exploits hop-by-hop headers handling in mod_proxy. Presentation of theoretical and real-world impacts.
elFinder: The story of a repwning
Write-up about CVE-2020-26960, which bypasses a previous path traversal patch.
Is it post quantum time yet?
High-level overview of post-quantum cryptography focusing on transition mechanisms.
Kubernetes namespaces isolation - what it is, what it isn't, life, universe and everything
Presentation of Kubernetes namespaces isolation, its limits, and some attack scenarios.
Don't fear the bark, ts_rewrite to dodge the mark
Bypassing F5 Big IP WAF SQL injection protection using the full-text search feature of PostgreSQL.
Pwning an outdated Kibana with not so sad vulnerabilities
Write-up about combining LFI and prototype pollution vulnerabilities to achieve remote code execution on Kibana.
Attaquer un réseau Windows avec Responder
Published by MISC Magazine
A short introduction on exploiting the multicast and broadcast name resolution mechanisms to start compromising a Windows Active Directory domain.
Vulnerabilities
Remote Code Execution in Supermicro SuperDoctor5 before 5.14.0
A remote code execution vulnerability in Supermicro Super Doctor 5 leveraging a log4j configuration tampering issue.
CVE-2022-31813
X-Forwarded-* header creation bypass through hop-by-hop in Apache HTTPD.
CVE-2022-26960
Directory traversal in std42 elFinder through 2.1.60.
Livebox 3 - Weak password reset procedure
Password reset vulnerability on the Livebox 3 device from Orange.
CVE-2019-1591
Cisco Nexus 9000 Series Shell Escape Vulnerability
CVE-2019-1588
Cisco Nexus 9000 Series Arbitrary File Read Vulnerability
CYBONET – PineApp Mail Secure 5.1: Multiple vulnerabilities
Code execution, SQL injection, unrestricted upload and restricted shell escape in PineApp Mail Secure email filtering software.
Talks
AppSeco and Juliet C# (lightning talk)
Presented at Hexacon 2023
A lightning talk about the Juliet C# project and its use for SAST engine benchmarking.
Code Obfuscation 10**2+(2*a+3)%2
Presented at JSecIN'18
An introductory talk on code obfuscation focusing on classical techniques like CFG flattening or array indexing.
Education
University of Rouen
Courses
- Cryptography
- Web Security
- Binary exploitation
- etc
University of Rouen
Courses
- Web development
- Algorithms
- etc