My first paper has been accepted at SysTEX 2018! It's about Trusted Execution Environment and Code Confidentiality! "TEEshift: Protecting Code Confidentiality by Selectively Shifting Functions into TEEs"

Please welcome a new type of challenge on Root-Me: BROWSER EXPLOITATION Introduction challenge: root-me.org/en/Challenges/…

Proud to offer you this new BROWSER EXPLOIT challenge: exploit it using some of the modern techniques such as egg hunting, self discovery, heap spraying and understanding underlying JavaScript primitives. root-me.org/en/Challenges/…

When the receptionist tells you that "for convenience", the WiFi is "Password free".

Cherche stage de fin d'études (6 mois, ingé) dans la Cybersécurité (dév d'outils / forensic / malware analysis / crypto) sur Paris. Mes DMs sont ouverts pour plus d'informations 😏, RTs appréciés! Bonne journée 😘

Today Titouan Lazard is joining us as a reverser/exploit dev 💥 Welcome on board !

Starting 2021, I worked on the security of UDP Technology IP Cameras with @AyadhiIbrahim! It is *finally* published! 11 (trivials) RCEs. And an authentication bypass.

Les reportages que vous lisez, écoutez, regardez leurs doivent énormément. Les fixeurs. 4 épisodes événement de Mécaniques du journalisme, par Lewko, à réécouter ici en #podcast 🎙🎧👍 franceculture.fr/emissions/seri…

On est attaqués par Avisa, l'agence qui diffuse de faux contenus médiatiques pour ses riches clients. D'autres médias indépendants sont concernés. Plus que jamais, on a besoin de vous, alors on vous propose une offre à un euro les trois premiers mois : arretsurimages.net/?formula=offre…

Avisa Partners, cette société française qui inquiète les services secrets — et plus particulièrement la DGSE et la DGSI. La suite des révélations de Mediapart sur ce géant français de l'intelligence économique et de l'e-reputation. mediapart.fr/journal/france…

Introducing sshimpanzee, a reverse shell made by Titouan Lazard based on openssh's sshd. It supports DNS, ICMP and HTTP encapsulation as well as SOCKS and HTTP Proxies : blog.lexfo.fr/sshimpanzee.ht…

#Fortinet published a patch for CVE-2023-27997, the Remote Code Execution vulnerability rioru (Dany Bach) and I reported. This is reachable pre-authentication, on every SSL VPN appliance. Patch your #Fortigate. Details at a later time. #xortigate

#Fortinet patched #CVE-2023-27997, a critical vulnerability affecting its VPN #Fortigate. Our latest blogpost describes the technical details about the bug, a pre-auth heap overflow, with a twist. #xortigate blog.lexfo.fr/xortigate-cve-…

😭😭😭 which one of you nerds did this

Glad it is finally published, I had a great time working on that! Sometime Pentests can be fun. openwall.com/lists/oss-secu…

My article about the Munge Heap Buffer Overflow is available here ! blog.lexfo.fr/munge-heap-buf…

Ever get remote code execution by fragging a player? oneupsecurity.com/research/remot… Research by Justin Taft from One Up Security

malicious software libraries in the official Python package repository reddit.com/r/netsec/comme…

Looks like italians are joining forces, any french ctf player/team willing to do the same for the DefconQual ? #TeamBaguette x.com/towerofhanoi/s…