Introduction à la cryptographie

Le support de ma conférence à la Fête de la science le 6 octobre 2018 à Montreuil, « La cryptographie, comment ça marche ? »


Risk assessment and security testing

Some weeks ago I wrote a short paper on the following topic : "Risk assessment and security testing : two sides of the same coin ?" Abstract - In this short essay we will examine how close risk assessments and security tests are, their differences and the potential benefits of bringing these activities closer. Full paper here : Risk assessment and security testing : two sides of the same coin ?


DCSync and DCShadow

I had recently a chat with Benjamin Delpy, the father of Mimikatz about his last findings (with Vincent Le Toux), DCSync and DCShadow – first presented at the Bluehat IL 2018 conference – now included in his tool. Context | Domain controllers often talk with each other, and the protocol they use is MS-DRSR (apparently not very well documented) DCSync | When a DC wants to update its data requesting another DC, it calls an API, using domain admin or DC$ creds. What if this API is called by something which is not a DC ? Among all the available methods, one is very interesting : DRSGetNCChanges. It is used “To obtain all change of the targeted object (using its GUID)”. This allows for (...)



Great farewell gifts from a great cybersec team ! Many tanks to them for this year !


Policies / real-life attacks, a healthy dialectic

“Policies / real-life attacks, a healthy dialectic”, a presentation I made in November 2017 during a security conference (not public) in Buenos Aires. While it is obvious that security policies can affect the attack surface of an organization, I try in this short presentation to identify some lessons we can take away from real-life attacks regarding… security policies and standards.


Seguridad de la seguridad, un método empírico - Paper & Prez

"Seguridad de la seguridad, un método empírico", el artículo presentado en el "IX Congreso Iberoamericano de Seguridad Informática - CIBSI 2017" : Mi presentación del 3 de noviembre 2017, Buenos Aires :


Seguridad de la seguridad, un método empírico

Mi trabajo "Seguridad de la seguridad, un método empírico" ha sido aceptado como artículo corto en el "IX Congreso Iberoamericano de Seguridad Informática - CIBSI 2017" que se desarrollará en la Universidad de Buenos Aires en noviembre 2017 (mi presentación será el viernes 3 a las 09h30). El estudio que presentaré tiene por objeto el desarrollo de un método de ayuda a la toma de decisiones fiables en el ámbito de la seguridad, es decir, cómo evitar tomar ciertas malas decisiones, en particular en el dominio de la gestión de crisis o de incidentes mayores. (Pronto pondré aquí el artículo completo. La versión en francés esta (...)


Introduction to Cryptography

Back to my early career… “Introduction to Cryptography”, a short lecture on crypto basics & history I gave recently :


0 | 8 | 16 | 24 | 32

Creative Commons - BY - NC - ND

Tous les textes, images et sons de cryptosec sont publiés selon les termes de la licence Creative Commons - Attribution - Pas d’Utilisation Commerciale - Pas de Modification - 3.0