I am a security enthusiast (OSCP) since my young age. I try to change mind around me about the necessity of pentesting. Indeed, I did several audits, wrote security policies, did several pentests. Everything is needed:

  • Risk assessments (ISO 2700X) to analyse the process and decide at the right management level with all stakeholders what to do, how and with which priority;
  • Pentests to analyse the implementation of security policies and measures to detect any vulnerability or additional threats vectors;
  • Security Awareness to maintain or improve a sufficient knowledge to be aware of the risk, how to detect it and how to react.

So why this blog? Just my way to share part of my knowledge. Have a good reading and do not hesitate to contact me 🙂

Nota: this blog is for an educational purpose. Any intrusion or tentative without authorization is illegal. French law: article 323-1 to 323-7.

Recent Posts

Vulnerability disclosure TP-Link multiples CVEs

TP-Link TL-SG108E Easy Smart Switch CVE-2017-8074 CVE-2017-8075 CVE-2017-8076 CVE-2017-8077 CVE-2017-8078 In May 2016, I made a little assessment on my own TP-Link switch. I found several vulnerabilities so I sent a complete report to TP-Link support to warn them. They answered me very professionally and declared that these vulnerabilities are mainly due to the technical limitation … Continue reading Vulnerability disclosure TP-Link multiples CVEs

ZigBee part 1

What is ZigBee? It is a wireless protocol used quite often in IoT for two main reasons: It is low power consumption, It is simpler and less expensive than Wifi or Bluetooth technologies.   Capturing ZigBee signal To do this experimentation, I used: AVR RZUSBSTICK http://www.atmel.com/tools/rzusbstick.aspx AVR Dragon http://www.atmel.com/tools/avrdragon.aspx AVRDUDE https://savannah.nongnu.org/projects/avrdude/ Firmware kb-rzusbstick-002.hex https://github.com/riverloopsec/killerbee/blob/master/firmware/kb-rzusbstick-002.hex KillerBee https://github.com/riverloopsec/killerbee Lib-usb32 https://sourceforge.net/projects/libusb-win32/ Flash the … Continue reading ZigBee part 1

ROP Primer: 1

A couple of times ago, a new challenge was released on the vulnhub website. Because it wass really interesting, I decided to blog it. You can find the challenge here: https://ctf-team.vulnhub.com/rop-primer/ Let’s have a look 🙂     Intro First of all, the virtual machine has been deployed under VirtualBox. After finding the IP address, let’s begin with nmap: … Continue reading ROP Primer: 1

More Posts