Salut, ca va ? 2 min read - Sep 24, 2021 Recently, someone explained to me that the sentance "Salut ca va ?" (Hi, how are you?) is useless. But is this really the case?
SSRF to RCE with Jolokia and MBeans 8 min read - Feb 28, 2021 Exploitation writeup for a RCE a found recently, involving a path traversal, an SSRF, jolokia endpoints, and Tomcat jsp files!
RCE on Spip and Root-Me 15 min read - Sep 29, 2020 Vulnerability research write-up on spip, the web framework used by The issues found goes from XSS to RCE, passing by SQLi!
A Helping Hand 11 min read - May 3, 2020 Help a friend to troupleshoot issues on their server isn't always an easy thing. There are many ways to achieve this, and I'm going to show you three different solutions. We'll make use of ssh, tmux, tmate, gotty, socat and even ngrok.
Reverse XSShell 2 min read - Feb 22, 2020 Having some fun playing with xss and websockets. A different approach to reverse shell and their contexts!
Infosec made easy 1 min read - Feb 3, 2020 I often end up speaking about infosec with friends that don't know much about this topic, and it can be a lot to handle at once, many complicated words, techniques, etc. So here's a glossary of the main attacks, but with weird descriptions!
Wordpress Subpath Auditor 5 min read - Jan 25, 2020 Introduction to Wordpress Subpath Auditor, a homemade tool that can be used to audit various components within a Wordpress installation. It relies on docker, git, php, wordpress, python, and virtualenv.
SSHrc and telegram apis 3 min read - Jan 17, 2020 Are your servers and bounces alone? Do you know what they do late at night? Who they hang out with when you're not around? Well, I do, and I'll tell you how to spy them! (TL;DR: Telegram api and sshrc)
Ngrok your DockerSploit 6 min read - Dec 15, 2019 Tired of broken tools? You broke your system frequently by installing random sh*t? So do I! Let's see how to use docker, metasploit, ngrok and aliases in order to simplify your life and keep your system alive while hacking the planet!
A linux caca story 4 min read - Apr 6, 2019 A few days ago, I realized that some '' file was present in my linux filesystem. As caca means poop in French and I'm pretty immature, I investigated. What I found was... Wonderful.
New York, Datadog and I - Week 3 to 6 7 min read - Mar 16, 2019 Third article about my trip to New-York. Datadog parties, cool rooftop, visiting with Marine, api endpoints sanitization, vagrant and ansible, finding a home AGAIN... And pics!
New York, Datadog and I - Week 2 6 min read - Feb 16, 2019 Second article about my trip to New-York. Finding a home, no one cooks, free Wi-Fi, work, keyboard, Valentine's day... And pics!
New York, Datadog and I - Week 1 6 min read - Feb 9, 2019 First article about my trip to New-York. Why, where, when, with whom, what surprised me, how it went... And pics!
ThinkLoveShare's migration 3 min read - Dec 9, 2018 Short introduction to the technologies used to build and maintain this website and a few words on why I changed.
GreHack 2018 6 min read - Nov 16, 2018 GreHack 2018 is an hacking event (conferences and CTF) that takes place each year at Grenoble in France. Last year was the first time I went to an event like that, this year, I bring you in !
CSAW - Algebra 2 min read - Sep 16, 2018 Miscellaneous challenge that encourage the CTFer to either code an equation solver, of use one already existing.
CSAW - Big boi 1 min read - Sep 16, 2018 Binary exploitation of a dummy command executor, simple buffer overflow of a function's parameters.
CSAW - Shell->Code 2 min read - Sep 16, 2018 Binary exploitation using linked lists in order to store parts of a shellcode in many places and then link their execution with jumps.
CSAW - Short Circuit 1 min read - Sep 16, 2018 Hardware challenge on paper! This task consists in getting the internal state of a (simple) circuit, bit by bit, and convert it to ascii texte.
Security Fest - Excess ess 1 3 min read - Jun 4, 2018 Web challenge about XSS and browser behavior. It's all about finding a bypass in order to execute a javascript function after its references has been removed.
PWN 4/4 : Stack Pivot ToZeMoon ! 7 min read - May 10, 2018 The basics of binary operation are normally acquired, let's go for a practical operation with a stack pivot!
PWN 3/4 : SaperliROPette ! 6 min read - May 9, 2018 Introduction to Return Oriented Programming (ROP) and practical example.
PWN 2/4 : Return at libc, pick a shell ! 8 min read - May 8, 2018 Introduction to Return to libc (ret2libc) and practical example.
PWN 1/4 : Buffer Overflow, where it all began 10 min read - May 3, 2018 Introduction to binary exploitation, ELF format and shellcode writing.
A question of standards? 4 min read - Apr 1, 2017 Reflection on the theme of tolerance, the norms of our society and what they imply.
A Poppy Story 4 min read - Mar 30, 2017 Writing exercise with a friend, aiming to be fresh and cute, about a poppy woman.
Reasoning without headache 7 min read - Mar 7, 2017 Reasoning is not simple and often leads to a headache or even stress. Here are some personal methods and advices that will hopefully allow you to better experience these research phases.