GSoC 2014 - Working for OWASP on OWTF

Published on Saturday, 10 May 2014 in Gsoc 2014, Python ; tagged with gsoc, 2014, project, owasp, owtf, security, pentest, python ; text version

I have applied for the Google Summer of Code, 2014 edition, a couple of months earlier and I have been accepted!
Therefore, for the next months I will be working on the OWASP - OWTF project.

This first post describes the OWTF tool and the project I will have to implement for August.
Then it explains the few contributions I have been working on since the past three weeks.

It is the first post from a monthly series that will show my progress on the Automated Ranking System I am implementing.

Continue reading

Flawed security from my ISP

Published on Friday, 09 May 2014 in Security ; tagged with security, password policy, bruteforce ; text version

The good and the bad

After spending six months in the Information Systems Security service of the Société Générale, I have got really impressed by how the security was managed!

To be clear, doing security on my free time gave me a pessimist opinion on security when managed by big companies.
But working with such a service as the ISS one from the SG changed my mind. In my humble opinion, they are doing excellent job!
Take it as you want of course, I am just a student with no real experience :/

But today I stumbled into such a bad password policy that it blew my mind, in a bad way (sigh).

Continue reading

NdH2k14 Prequals retrospective

Published on Tuesday, 08 April 2014 in Security ; tagged with ndh, ctf, challenge, security ; text version

It's been a long time

It has been a long time since I wrote something for my blog. This can been explained because of the transition between the end of my internship at Société Générale and the beginning of my semester at my University.
For the first time since a couple of semesters, most of my lectures are interesting. I have to deal with ARM architectures as well as programing on WiFi access point (on the OpenWRT firmware).

Moreover, I am applying for the GSoC 2014 edition this year.
The redaction of my proposal took me some times but I expect good news for my mentor really soon.
I will give you more information as soon as the official announce is published. At that time, I will write a few lines concerning the project I am applying for :)

Anyway, the following post describes the basic mistakes we have made while attending to the CTF for the NdH 2014 prequals.

Continue reading

Flask and Markdown, I love you!

Published on Sunday, 08 December 2013 in Blog ; tagged with blog, internship, intern, societe generale ; text version

Good morning fellows!

Since a couple of weeks, I was working on this new version of my blog.
I wasn't fulfil anymore with the previous one. The main problem was the way I had to write the posts.

In fact, I got annoyed having to use a web interface to edit a post.
Before, I had to write into a html text area, which means with all the different HTML attributes (p, h1, h2, a, etc.).

But then, I discovered Markdown, or re-discovered it in fact.

First I thought that Markdown was just for fun. I mean that it was more like a good joke than a real syntax format. It was just too simple to be true.
After a couple of time using it, I just couldn't stop anymore!
I felt like when some friends taught me Latex, but a thousand times better!

Well, I wrote this version of the blog from scratch. And this post tries to details the main changes.

Continue reading 2k13 RoboAuth - reverse150

Published on Thursday, 24 October 2013 in CTF, Security, Reverse Engineering ; tagged with, ctf, write-up, reverse, 150, challenge, security, ida, int3, sigtrap, hackgyver ; text version's CTF

Bonjour les gens !

The last two days, we have seen's CTF taking place online.
It was a lot of fun, their IRC channel was really fun, so was their challenges :)

Last results? 106 over 413 applying teams. Well done HackGyver \o/

Now it's time for the write-up. More precisely, the one on RoboAuth, their 150 points reverse challenge.

RoboAuth, the challenge

RoboAuth challenge

The challenge is a binary which asks for two distinct passwords. I salute the ASCII art :P
Since futex powned ndh2K13 prequals' challenge (crackme200) with a simple strings command, I will start from the beginning :p

Continue reading License WTFPL2