Publications

Ressources et Publications

Feb 4th, 2020
Introduction to mobile network intrusions from a mobile phone[link]
Nov 3rd, 2019
TIBCO JasperReports Server XML Entity Expansion Vulnerability (CVE-2019-8986)[link]
Oct 24th, 2019
V2G Injector: Whispering to cars and charging units through the Power-Line (extended version)t2 infosec[slides]
Oct 3rd, 2019
Huawei ManageOne ServiceCenter ACL BypassSoftware-Defined Network[advisory]
Jul 6th, 2019
The return of FAIFA and HomePlugPWN: Make Power-Line Communication hacks great again!leHack 2019[slides]
Jun 7th, 2019
V2G Injector: Whispering to cars and charging units through the Power-LineSSTIC 2019[slides] [paper]
Mar 19th, 2019
Modmobtools: Internals, updates and moreTroopers Telco Sec Day 2019[slides]
Mar 18th, 2019
Modmob tools and tricks: Using cheap tools and tricks to attack mobile devices in practiceTroopers NGI 2019[slides]
Feb, 2019
Attacking mobile devices from GPRS to LTEMISC magazine HS #19[link]
Nov 19th, 2018
PentHertz: The use of radio attacks in red team and pentestsSecurity PWNing 2018[slides]
Jun 14th, 2018
Modmobjam: Jam tomorrow, jam yesterday, but also jam todaySSTIC RUMP 2018[slides]
Jun 14th, 2018
Modmobjam: Jam tomorrow, jam yesterday, but also jam todaySSTIC RUMP 2018[slides]
May 31st, 2018
Modmobmap: The modest mobile networks mapping toolSSTIC RUMP 2018[slides]
Apr 10th, 2018
Missing XML Validation vulnerability in SAP Control Center and SAP Cockpit Framework[link]
Sep, 2017
Radio communication penetration testingMISC Magazine HS #16[link (FR)]
Jun 8th, 2017
Out-of-control cars!SSTIC RUMP 2017[video recording (FR)]
May 23th, 2017
IoT Hacking - the case of Intercoms (with little updates since 33C3)OSSIR 2017[slides]
Dec 28th, 2016
Intercoms Hackings, when frontdoors become backdoors (more detailed)33c3[slides]
Dec 28th, 2016
House intercoms attacks, when frontdoors become backdoors (including progresses on 3G intercoms)Hack.lu 2012[slides] [video recording]
Jul 2nd, 2016
House intercoms attacks, when frontdoors become backdoorsHack.lu 2012[slides] [paper] [video: jamming attack]
Jun 7th, 2016
Mobile communications: practical attacks using cheap equipmentBusiness France 2016[slides]
Feb 1st, 2016
CVE-2016-3513, CVE-2016-3514, CVE-2016-3515 and CVE-2016-3516 in Oracle ECB and COM productsdetails: [1] [2] [3] [4]
May 1st, 2015
CVE-2015-6409: Cisco Jabber STARTTLS Downgrade Vulnerability[details]
Apr 15th, 2015
How to hack the Blackphone, the "NSA-Proof" smartphone01net.com magazine[link]
Oct 19th, 2014
HomePlugAV PLC: Practical attacks and backdooringNoSuchCon 2014[slides] [paper]
Oct, 2012
Fuzzing the GSM Protocol StackHack.lu 2012[slides]
Jul, 2012
Applicative security in LinuxMISC #62[link]
2010
Introduction to USRP: hardware, radio, digital processing, and GnuRadioHackerzVoice[slides]