Axelle’s publications

Conference List

Conferences I spoke at:

• AMUSEC 2021
• AREA 41 2016
• Barbhack 2020 2022
• BlackAlps 2018 2019 2022
• BlackHat Europe 2012 2014
• BotConf 2020
• BSides Munich 2020
• BSides Oslo 2021
• CARO Workshop 2014
• CCCC 2020
• Confidence 2010
• DefCamp 2016
• EICAR 2010 2012
• GreHack 2013 2017
• Hack in Paris 2015
• Hack.Lu 2013 2014 2015 2016 2018 2019
• Hacktivity 2013 2015
• Hashdays 2012
• Insomni’hack 2011 2012 2014 2015 2016 2017 2018 2019 2020* 2023
• ISSE 2002
• USENIX LISA 2004
• Mundo Hacker 2021
• NoHat
• NorthSec 2021
• Nuit du Hack 2015 2017
• Nullcon Webinar 2020
• Pass The Salt 2018 2020
• PDPTA 2003
• RSA Europe 2011
• RSA US 2020
• SAR-SSI 2010
• SECI 2002
• SecSea 2020 2021
• ShmooCon 2011
• SSTIC 2017
• SISW 2002
• Sthack 2019
• THCon 2021 2023
• Troopers 2018 2020*
• IEEE TrustCom 2015
• UYBHYS 2020
• Virus Bulletin 2011 2013 2016 2017 2018 2019 2021 2022

Conferences & Journaux

By default, if no author name is mentioned, I’m the sole author.

2023

• Hacking for Ideas, THCon Keynote, Toulouse, April 2023. slides
• Hacking your Jump Rope or your Coffee Machine, Insomnihack, Lausanne, March 2023. slides and prog

2022

• Hunting the Android/BianLian botnet, Virus Bulletin, Prague, September 2022. link slides
• Unpacking de malware Android:
  • Vous n’écrirez plus de script Frida, BlackAlps, Yverdon-les-Bains, Novembre 2022. slides video
  • Unpacking 1, 2, 3!, Barbhack, Toulon, August 2022. slides and demo link. Talk and slides in French. Demo in English.

2021

• Touche pas à mon dossier médical, SecSea, La Ciotat, France, October 15, 2021. In French. slides
• Reverse Android malware like a Jedi Master, Virus Bulletin Conference (online), October 7-8, 2021. video, slides and paper
• Live reverse engineering of Android Malware:
  • Android/Oji at BSides Oslo - June 2021 - video
  • Android/Oji at THCon - June 2021 video at 01:33:00
  • Android/BrazKing at Mundo Hacker, online - April 2021
  • Android/BrazKing at AMUSEC - April 2021

2020

• Building and maintaining a honeypot for medical devices, BotConf (online), December 2020. slides video

• Malware and Cybercrime in Medical IoT, CCCC, September 14, 2020. slides

• A. Apvrille, T. Goodspeed: on glucose sensor:

  • Security analysis of a Connected Glucose Sensor for Diabetes, Technical report, June 2020 pdf
  • Pique curiosity, not diabetic fingers, Pass The Salt, July 2020 (virtual edition), slides
  • Capteur de glycémie connecté : les interdits, Barbhack, August 2020 in French,
  • Hacking de capteur de glycémie connecté, UYBHYS, November 2020 (online) video - starts at 54’45

• T. Goodspeed, A. Apvrille, NFC exploitation with the RF430RFL152 and ’TAL152, PoC || GTFO, volume, 20:03.

• Medical malware on Android (all talks are on the same topic, but with different samples analyzed)

  • SecSea, June 2020 (virtual edition) video
  • Nullcon Webinar, August 2020 video
  • NoHat, November 2020 video

• Hacking a Smart Coffee Machine:

  • Talk was accepted at Insomni’hack 2020, but cancelled due to COVID
  • BSides Munich, August 2020 (online) video slides video github tech report

• A. Apvrille, T. Goodspeed, A. Lakhani, Malware, Cybercrime and Vulnerabilities for Diabetic Patients. Talk was accepted at Troopers 2020, but cancelled due to COVID.

• A. Lakhani, A. Apvrille, Bringing Down the Empire: The Internet of Medical Things, RSA, San Francisco, USA, February 2020, slides

2019

• A. Apvrille, T. Goodspeed, The inner guts of a connected glucose sensor for diabetes, BlackAlps, Yverdon-les-Bains, Switzerland, November 2019. video slides GitHub
• Smartphone apps: let’s talk about privacy, Hack. Lu, Luxembourg, October 2019. video
• A. Apvrille, A. Lakhani, Medical IoT for diabetes and cybercrime, Virus Bulletin, London, UK, October 2019. paper
• Abusing cryptocurrencies on Android smartphone:
  • Insomni’hack, Geneva, Switzerland, March 2019 slides video
  • Sthack, Bordeaux, June 2019 slides

2018

• Cryptocurrency mobile malware, BlackAlps, Yverdon-les-Bains, Switzerland, November 2018 slides
• Junior CTF, Lightning Talk at Hack.Lu, Luxembourg, October, video slides
• Does Malware Based on Spectre Exist?, Virus Bulletin, July 2018 paper
• Are there Spectre-based malware on your Android smartphone?, Pass The Salt, Lille, France, July 2018, slides video
• A. Apvrille, P. Paget, Ph0wn smart devices CTF: Behind the Scenes, Insomni’hack, Geneva, Switzerland, March 2018, video
• Is my toothbrush really smart?, Troopers, Heidelberg, Germany, March 2018, slides

2017

• Android Reverse Engineering Tools: not the usual suspects, Virus Bulletin Conference, Madrid, Spain, October 2017 paper
• Ingénierie inverse d’une brosse à dents connectée, Symposium sur la sécurité des technologies de l’information et des communications (SSTIC), Rennes, 7-9 juin 2017 paper video (in French)

2016

• Infecting Internet of Things, DefCamp, Bucharest, Romania, November 2016 slides
• Mobile Applications: a Backdoor into Internet of Things?, Virus Bulletin Conference, Denver, USA, October 2016 paper
• Reversing Internet of Things from mobile applications:
  • Insomni’hack, Geneva, March 2016 slides
  • Area 41, June 2016 slides video

2015

• Geek usages for your Fitbit Flex tracker Hack.lu, Luxemburg, October 2015 slides
• Criminal Profiling: Android Malware, Nuit du Hack, Paris, June 20, 2015, slides
• Fitness Tracker: Hack in Progress:
  • Hack in Paris, Paris, June 18-19, 2015, slides
  • Hacktivity, October 2015 slides
• L. Apvrille, A. Apvrille, Identifying Unknown Android Malware with Feature Extractions and Classification Techniques, IEEE TrustCom, Helsinki, Finland, 20-22 August 2015 see here
• Pawn Storm: What’s Up on iOS devices?, Insomni’hack, Geneva, March 2015, slides
• A. Apvrille, L .Apvrille, SherlockDroid: a Research Assistant to Spot Unknown Malware in Android Marketplaces, Journal in Computer Virology and Hacking Techniques, vol. 11, no. 39, pages 1-11, 2015. paper DOI

2014

• A. Apvrille, L. Apvrille, SherlockDroid: an Inspector for Android Marketplaces, Hack.Lu, Luxembourg, October 21-24 2014, paper slides
• A. Apvrille, A. Albertini, Hide Android Applications in Images, BlackHat Europe, Amsterdam, NL, October 2014, 16-17 paper slides
• Inside the iOS/AdThief malware, Virus Bulletin, August 2014, online, pdf
• A. Apvrille, R. Nigam, Obfuscation in Android malware and how to fight back,
  • 8th International CARO Workshop, May 15-16, Florida, USA.
  • Virus Bulletin, July 2014 [pdf]](https://www.virusbtn.com/pdf/magazine/2014/vb201407-Android-obfuscation.pdf)
• Playing Hide and Seek with Dalvik Executables, Insomni’Hack, March 2014 slides

2013

• L. Apvrille, A. Apvrille, Pre-filtering Mobile Malware with Heuristic Techniques, GreHack, Grenoble, France, November 2013 paper slides
• Playing Hide and Seek with Dalvik Executables:
  • Hacktivity, Budapest, Hungary, October 2013
  • Hack.Lu, Luxembourg, October 2013, slides [paper]./hidex-hack.lu.pdf)
• K. de Pontevès, A. Apvrille, Analysis of Android In-App Advertisement Kits, Virus Bulletin Conference, pp. 133-138, Berlin, Germany, October 2013. slides

2012

• Guns and Smoke to Defeat Mobile Malware, Hashdays, Lucerne, Switzerland, November 2-3 2012. slides
• A. Apvrille, G. Lovet, An Attacker’s Day into Virology: Human vs Computer, BlackHat Europe, Amsterdam, The Netherlands, March 14-16 2012, paper slides
• Android Reverse Engineering Tools, Insomni’Hack 2012, Geneva, Switzerland, March 2, 2012 slides
• A. Apvrille, T. Strazzere, Reducing the Window of Opportunity for Android Malware:
  • in Proceedings of the 21st EICAR Annual Conference, pp. 131-149, Lisbon, Portugal, May 7-8, 2012 paper slides
  • in Journal in Computer Virology 2021, link, DOI: 10.1007/s11416-012-0162-3
• Symbian worm Yxes: towards mobile botnets?, Journal in Computer Virology, 2012, link, DOI: 10.1007/s11416-012-0163-2

2011

• Cryptography for Mobile Malware Obfuscation, RSA Europe, London, UK, October 2011. slidesdemo video
• An OpenBTS GSM Replication Jail for Mobile Malware, Virus Bulletin Conference, pp. 86-94, Barcelona, Spain, October 2011. paper slides demo video. Copyright is held by Virus Bulletin Ltd but made available on this site for personal use free of charge by permission of Virus Bulletin.
• Mobile Malware in Practice, Insomni’Hack, Geneva, Switzerland, March 4, 2011, slides
• A. Apvrille, K. Yang, Defeating mTANs for profit:
  • ShmooCon 2011, Washington DC, USA, January 28-30 2011, slides
  • Virus Bulletin, pp. 6-10, March 2011 online
• OpenBTS for dummies v0.5, April 2011, Technical report

2010

• Symbian Worm Yxes: Towards Mobile Botnets?, in Proceedings of the 19th EICAR Annual Conference, pp. 31-54, Paris, France, May 8-11, 2010 (Best Paper Award) paper slides
• A. Apvrille, J. Zhang, Four Malware and a Funeral, in Proceedings of 5th Conf. on Network Architectures and Information Systems Security SAR-SSI, Menton, France, May 18-21, 2010.
• The Four Horsemen, CONFidence Krakow, Poland, May 24-26, 2010 slides

2006

• L. Apvrille, P. de Saqui-Sannes, R. Pacalet et A. Apvrille, Un environnement de conception de systèmes distribués basé sur UML, Annals of Telecommunications, Vol. 61, n 11/12, pp. 1347-1368, Nov. 2006 abstract

2005

• L. Apvrille, P. de Saqui-Sannes, A. Apvrille, Une méthodologie de conception des systèmes distribués basée sur UML, Actes de la 5ème conférence sur les nouvelles technologies de la répartition NOTERE’05, p 217-214, Gatineau, QC, Canada, 29 août - 1er septembre 2005.
• A. Apvrille, M. Pourzandi, Secure Software Development by Example, IEEE Security & Privacy, vol. 3, no. 4, July/August, 2005, pp. 10-17. link
• A. Apvrille, D. Gordon, DigSig novelties, Libre Software Meeting, Security Topic, July 4-9 2005 slides

2004

• A. Apvrille, M. Pourzandi, XML Distributed Security Policy for Clusters, Computers & Security Journal (COSE91), Elsevier, vol. 23, no. 8, pp 649-658, December 2004 - abstract
• A. Apvrille, M. Pourzandi, Trusted Computing in Linux: status, Linux World magazine, Vol. 2, No. 12, December 2004
• A. Apvrille, D. Gordon, S. Hallyn, M. Pourzandi, V. Roy, DigSig: Runtime Authentication of Binaries at the Kernel Level, in the Proceedings of the 18th Large Installation System Administration Conference LISA, pp. 59-66, Atlanta, November 14-19 2004 lien
• M. Pourzandi, A. Apvrille, Setting up Virtual Security Zones in a Linux Cluster, Linux Journal, Issue 126, October 2004 html
• A. Apvrille, M. Pourzandi, D. Gordon, V. Roy, Stop Malicious Code Execution at Kernel-Level, Linux World magazine, Vol. 2, No. 1, January 2004.

2003

• M. Pourzandi, A. Apvrille, E. Gingras, A. Medenou, D. Gordon, Distributed Access Control for Carrier Class Clusters, Parallel and Distributed Processing Techniques and Applications PDPTA’03 conference, Las Vegas, June 2003.

2002

• A. Apvrille, J. Hughes, V. Girier,Streamed or Detached Triple Integrity for a Time Stamped Secure Storage System, First International IEEE Security in Storage Workshop (SISW’2002), Greenbelt, Maryland, USA, December 2002, pdf
• A. Apvrille, V. Girier, XML Security Time Stamping Protocol, Information Security Solutions Europe conference (ISSE’02), Paris, October 2002, pdf
• A. Apvrille, J. Hughes, A Time Stamped Virtual WORM System, SEcurité de la Communication ur Internet workshop (SECI’02), Tunis, Tunisia, September 2002, pdf
• Programmation sécurisée sous Java : retour d’expérience, OSSIR RESIST, September 2002, slides
• L’horodatage sécurisé : état de l’art et applications, OSSIR RESIST, June 2002. slides

Workshops, Trainings

Training / workshops on Android reverse engineering

• 16 hours at RingZer0 in August 2021, February 2022 and February 2023
• 12 hours at Nullcon Goa 2021 in September 2021
• 3 hours at NorthSec, in May 2021 (online) video - title: Reverse Android malware for the Smart and Lazy
• 3 hours at Hack Lu, October 2018 data
• 1h30 with 2 tracks: beginners & advanced. Android malware reverse engineering for the Brave at Virus Bulletin, October 2018
• 2 hours at Grehack, November 2017. Hello, Android Malware Reversing!. For beginners.
• 2 hours at XVeme Nuit du Hack, June 2017, Say hello to Android malware reverse engineering. For beginners.
• 5 hours at Insomni’hack, March 2017 slides
• 3 hours at Hack.Lu, October 2016, slides

Other topics

• Junior CTF Install Party: a workshop at Hack.Lu, October 2019. slides

Diamond Editions (in French)

MISC Magazine

• Utilisation malveillante de l’API d’accessibilité sur Android, MISC no. 122, Juillet 2022, shop
• Rançon sur téléphone mobile : les entrailles d’Android/Koler, MISC, no. 107, January-February 2020
• Analyse de la sécurité d’un capteur de glucose, MISC, no. 106, November-December 2019
• Rétro-ingénierie d’applications Android avec Androguard, MISC, no. 92, July 2017, shop
• Les objets connectés peuvent-ils être infectés?, MISC, Hors Série no. 15 : Sécurité des objects connectés. shop
• Analyse de la sécurité d’un bracelet sportif, MISC no. 87, p. 76, Septembre-Octobre 2016
• L. Apvrille, A. Apvrille, P. Bogossian, Retour d’expérience sur quelques épreuves de Hack.lu 2013, MISC, no. 73, p. 50-86, May-June 2014. shop
• Détenu virus mobile : nous avons les moyens de vous faire parler ! MISC, Hors série, no. 5, p. 80, April - May 2012
• Le virus Symbian RommWar à la loupe, MISC, no. 46, p. 42-49, November-December 2009. shop
• La sécurité des Wikis, MISC, no. 44, p. 76-82, July-August 2009
• Conception et architecture de la bibliothèque cryptographique d’OpenSSL, MISC, no. 32, p. 52-60, July-August 2007
• Protéger les messages applicatifs avec XML Security ou PKCS, MISC no 25, May-June 2006.
• Des erreurs dans mon code sécurisé, où ça ?!, MISC, no. 16-17, November 2004 - January 2005
• L’ASN.1 par l’exemple dans les certificats X.509, MISC, no. 15, September - October 2004
• A. Apvrille, M. Pourzandi, Protéger un réseau de machines distribuées contre un débordement de buffer… d’un seul coup, MISC, no. 7, May-June 2003

Hackable Magazine

• Piloter sa cafetière connectée, Hackable no. 33, April-June 2020 shop
• Fabriquez votre T-shirt interactif avec un Lilypad Arduino Hackable, no. 21, p. 96, November-December 2017 shop
• A. Apvrille, L. Apvrille, Ventilation controlée par des framboises, Hackable, no. 11, p. 32, March-April 2016. link
• A. Apvrille, L. Apvrille, Contrôler sa chaudière à distance avec un Raspberry Pi, Hackable, no.8, p.60, September-October 2015

Blog Posts

2022

• Virus Bulletin Conference 2022 Day 1, Day2, Day 3, October 2022
• English accent for Frogs, July 5, 2022
• Androscope, June 28, 2022
• Unpacking a JsonPacker-packed sample, June 27, 2022
• Tracking Android/Joker payloads with Medusa, static analysis (and patience), June 20, 2022
• Quick look into a new sample of Android/BianLian, June 9, 2022
• Reversing an Android sample which uses Flutter, May 12, 2022
• Warning: GRIM and Magnus Android Botnets are Underground, April 28, 2022
• Android/BianLian Botnet Trying to Bypass Photo TAN use for Mobile Banking, April 13, 2022
• Live reverse engineering of a trojanized medical app - Android/Joker, March 8, 2022
• BianLian C2 domain name, January 25, 2022
• Creating a safe dummy C2 to test Android bots, January 21, 2022
• Android/BianLian payload, January 17, 2022
• Multidex trick to unpack Android/BianLian, January 14, 2022

2021

• Investigating Android malware with Pithus, July 13, 2021
• A basic test locker for Android, July 6, 2021
• A blind try of MobSF over a suspicious Android sample, May 26, 2021
• A native packer for Android/Moqhao, May 19, 2021
• Android/Oji worm fake COVID 19 vaccine registration campaign, May 3, 2021
• Android/Flubot: preparing for a new campaign?, March 29, 2021
• Quark on an Android malware: how good was it? My opinion!, February 9, 2021
• An apparently benign app distribution scheme which has all it takes to turn (very) ugly, February 2, 2021

2020

• Decrypting strings with a JEB script, December 17, 2020
• Unpacking an Android malware with Dexcalibur and JEB, December 16, 2020
• Customizing your Cowrie honeypot, November 3, 2020
• Into Android Meterpreter and how the malware launches it - part 2, Sept 25, 2020
• Locating the Trojan inside an infected COVID-19 contact tracing app, September 18, 2020
• CnC communication of a fake Aarogya Setup COVID-19 app, August 14, 2020
• Reversing V-Alert COVID-19 Android/BankBot: part 1, part 2, May 12, 2020
• Android malware targets diabetic patients, January 31, 2020

2019

• A Mobile Bitcoin Miner? Really?, February 25, 2019

2018

• Fortinet Discovers New Android Apps that Mine the Unminable
• An Android Package is no longer a ZIP, August 23, 2018
• Android/BondPath: a Mature Spyware, August 23, 2018
• Recent Security Research News, June 28, 2018
• You Will Fall For This One Day…, April 9, 2018
• Fortinet at Insomni’hack 2018, March 28, 2018
• Troopers Day 2, Day 1 March 14-16, 2018
• Into the Implementation of Spectre, January 17, 2018
• Security Research News in Brief - November 2017 Edition, January 14, 2018

2017

• Ph0wn: The 1st CTF of Smart Devices is Over! December 7, 2017
• Ph0wn: A CTF Dedicated to Smart Devices, November 27, 2017
• Security Research News in Brief - October 2017 Edition, November 9, 2017
• Security Research News in Brief - August 2017 Edition, October 19, 2017
• Blueborne: Technical Insight , September 19, 2017
• Security Research News in Brief - July 2017 Edition, September 7, 2017
• Analyzing Android malware using a FortiSandbox, August 17, 2017
• NSE Experts Academy CTF ,July 30, 2017
• SSTIC in a nutshell, July 4, 2017
• Security Research News In Brief - May 2017 editi , June 22, 2017
• Zero patch IoT envirment , May 17, 2017
• Security Research News In Brief - April 2017 edition , May 10, 2017
• Security Research News In Brief - March 2017 edition , Mar 24, 2017
• Teardown of a recent variant of Android/Ztorg part 1 and part 2, Mar 15, 2017
• You don’t need to break my heart , Feb 27, 2017

2016

• Reading your tracker’s battery level with a standard Bluetooth 4.0 USB dgle , Dec 9, 2016
• Disassembling Linux/Mirai.B!worm, Dec 8, 2016
• Hackath Sophia Antipolis 2016, Nov 29, 2016
• DefCamp 2016, Nov 18, 2016
• Where I nearly w a cnected coffee machine at DefCamp 2016, Nov 17, 2016
• IoT-based Linux/Mirai: Frequently Asked Questis, Oct 31, 2016
• Hack.Lu 2016 Wrap Up, Oct 25, 2016
• IoT malware are coming. Will you listen to me know?, Oct 24, 2016
• Pebble Smartwatch Talk at Virus Bulletin 2016, Oct 14, 2016
• Risks or not behing Pokém GO, August 11, 2016
• Pokémon GO Plus review through reverse engineering, August 11, 2016
• Android adware trying to deceive the analyst, May 20, 2016
• Your Gossip Is Public, April 22, 2016
• WhatsApp vs Telegram, April 15, 2016
• Insomni’hack 2016, March 25, 2016
• Bad Mirror: New Android Malware family spotted by SherlockDroid, March 7, 2016

2015

• Hacktivity 2015 October 14, 2015
• CryptoGirl StageFright: A Detailed Explanation August 25, 2015
• StageFright, Telegram Stage-Left & WhatsApp Stage-Right August 14, 2015
• Locker, an Android ransomware full of surprises August 11, 2015
• Want Everybody to Know You’re Flirting? This App is For You! July 25, 2015
• Insurance Fraud via Internet of ThingsJuly 9, 2015
• Nuit du Hack 2k15 June 25, 2015
• Hack in Paris 2015 June 24, 2015
• Android Security Report in Far Less Than 44 Pages April 17, 2015
• InsomniDroid Part 2: Write Up April 4, 2015
• Insomni’Hack iOS challenges March 26, 2015
• Insomni’hack CTF write up March 25, 2015
• Insomni’hack 2015 March 23, 2015
• Investigating PawnStorm for iPhone February 13, 2015
• Aggressive Riskware Installati Amaz Kindle (and Android) January 12, 2015

2014

• Inside Hack.Lu 2014 November 10, 2014
• Android Emmental, Adding Cheese in Emmental Holes October 30, 2014
• Inside BlackHat Europe 2014 October 29, 2014
• 0wning Emmental October 20, 2014
• Android Packers Talk at Hacktivity October 9, 2014
• My Day Unbricking a Friend’s Phe September 17, 2014
• Want everybody to know you’re flirting? this app is for you! July 25, 2014
• Clean for the phe, but not clean in the code July 7, 2014
• iOS Malware Does Exist, June 9, 2014
• AngeCrypti at Insomni’Hack, March 31, 2014
• Mobile Advertisement Serving Fake Anti-Virus and App Over Billing Spanish newspaper, March 14, 2014
• New Drive By Download Android Malware, February 17, 2014
• Malware or Spam Campaign Internet of Things, January 27, 2014

2013

• Sophisticated DEX obfuscati or Proguard configuration issue?, December 16, 2013
• RATP Android Application Privacy: Status, December 2, 2013
• Alligator at GreHack, November 14, 2013
• Hack.lu Capture The Flag (CTF)- RoboAuth, October 29, 2013
• Hacktivity 2013: Keynotes, October 17, 2013
• VB 2013- Day 3, October 14, 2013
• VB 2013- Day 2, October 11, 2013
• VB 2013- Day 1, October 10, 2013
• iPhe 5S: Inside the Secure Enclave, September 16, 2013
• NSA’s (and GCHQ) Decryption Capabilities: Truth and Lies, September 6, 2013
• Alligator detects GPS leaking adware, August 2, 2013
• Mobile Malware Gets in the Top 10 Viruses, July 29, 2013
• Millis of SIM cards vulnerable to remote compromise, July 24, 2013
• Don’t Send Your SMS Scam to an AntiVirus Analyst
  (http://blog.fortinet.com), July 17, 2013
• I am Datarmined to secure my Facebook posts, July 8, 2013
• An Anti-Virus Analyst’s Day (or Hour) into Firefox OS, June 20, 2013
• NSA Has Large Disks, June 10, 2013
• 11M for a simple cference program applicati, May 27, 2013
• 1,000 malicious Android samples per day, May 13, 2013
• Finding Similarities and Differences at DEX level, May 6, 2013

2012

• EuroGrabber is Zitmo , December 7, 2012
• Hashdays Android Challenge: the Solution, November 23, 2012
• Hashdays Arduino Badge November 9, 2012
• Hashdays 2012 wrap-up November 7, 2012
• [FortiGuard’sblog][Advanced Tools for Android Reverse Engineering](http://blog.fortiguard.com/advanced-tools-for-android-reverse-engineering/) November 5, 2012
• Hashdays Android Challenge: Win a FortiGate <ahref="http://blog.fortiguard.com/), October 29, 2012
• Hashdays challenge by Fortinet to begin Oct 29, 2012, October 23, 2012
• Android/Fakemart’s end: authors has been identified October 19th, 2012
• Android malware distributed by malicious SMS in France September 21st, 2012.
• Making mey out of Android/Fakemart September 3, 2012.
• Dalvik Executable (DEX) Embedded in another DEX! August 23, 2012.
• Android byte-code obfuscati challenge July 30th, 2012.
• Ctrolling Android/Zitmo by SMS commands July 21st, 2012
• StarCraft culture to understand Android June 19th, 2012
• Tracking Android/Fcy- June 6th, 2012.
• Back from EICAR 2012- May 25th, 2012. -(http://blog.fortiguard.com/droidkungfu-is-getting-smarter-hopefully-so-am-i/">DroidKungFu is getting smarter (hopefully, so am I)- May 11th, 2012.
• Mobile Botnets: We Had Told You So- April 20th, 2012.

2011

• Analyzing CarrierIQ’s defense, December 20th, 2011.
• Android/Fcy emanating and propagating in France, December 15, 2011.
• CarrierIQ Android- FAQ December 13, 2011.
• Levitator: Root your Android phe November 25th, 2011.
• OpenBTS for Mobile Malware Analysis, November 17th, 2011.
• Symbian malware uses a 91-byte XOR key, November 8th, 2011.
• Clarifying Android/DroidKungFu variants, October 26th, 2011.
• VB 2011 talks, part 3 and end, October 25th, 2011.
• VB 2011 talks, part 2, October 18th, 2011.
• VB 2011 talks, part 1, October 12th, 2011.
• QR code and mobile malware: it happened!, October 3rd, 2011.
• Spitmo gets Android: mini-FAQ, September 16th, 2011.
• Android/Zitmo: an Update, July 18, 2011.
• Zitmo hits Android, July 8, 2011.
• Android/CruseWin carries a malicious kill switch, July 4, 2011.
• Android/DroidKungFu: attacking from a mobile device?, June 16, 2011.
• Android/DroidKungFu uses AES encrypti, June 9, 2011.
• Android/Smspacem under the microscope, May 30, 2011.
• Airpush… pushes the envelope, May 17, 2011.
• iPhe Tracking, April 21, 2011.
• Mobile Malware Statistics, March 28, 2011.
• How Android/Fake10086 selectively blocks SMS- step by step, March 10, 2011.
• Android/DroidDream uses two vulnerabilities, March 3, 2011.
• Hacking Mobile Phe Statistics, March 1, 2011.
• What’s new in Zitmo.B?, February 23, 2011.
• ShmooC 2011 Debriefing, February 9, 2011.
• Mobile phishing related to Yxes, January 12, 2011.

2010

• Hidden feature in Android spyware, November 12, 2010.
• Symbian malware and Internet Access Points, November 4, 2010.
• Zitmo Follow Up: From Spyware to Malware, September 28, 2010.
• Zeus In The Mobile (Zitmo): Online Banking’s Two Factor Authenticati Defeated- , September 27, 2010
• You can’t judge a book by its cover, September 7, 2010.
• iPhe 4 / iPad: the Keys Out of Pris, August 5, 2010.
• Mobile Malware Sends WAP Push SMS, August 3, 2010.
• Symbian Signed Mobile Malware: One Gang?, July 29, 2010.
• SymbOS/Album One Step Closer To Mobile Botnets, July 15, 2010.
• SymbOS/Album Follows the Path of SymbOS/Yxes, July 8, 2010.
• How to send an SMS- the geeky way, June 7, 2010.
• EICAR 2010: Presentati Round-Up, June 4, 2010.
• Airport flight schedule crash (unharmful), May 25, 2010.
• WinCE/Terdial or impunity for dialers, May 17, 2010.
• No, the iPad is NOT hacked, May 3, 2010.
• Reversing the Symbian Enoriv malware, April 13th 2010.
• SymbOS/Yxes goes versi 2, March 4th 2010.
• 10 Predictis for Mobile Malware in 2010, January 28th 2010.
• Malicious Transfer of IM3 funds: the Return, January 26th 2010.

2009 and before

• Duh’s not malicious, dude!, December 10th 2009.
• Securing your jailbroken iPhe, December 2nd 2009.
• John Doe’s Credentials, November 16th 2009.
• Targeted Spam: an Unfair Blow to Security, November 5th 2009.
• When Your Phe Becomes Your Worst Enemy, October 27th 2009.
• Keep your phe healthy: H1N1 vs. SymbOS/Yxes, October 13th 2009.
• Transmitter.C is not Yxes.E, August 26th 2009.
• Symbian Certificates or How SymbOS/Yxes got Signed, August 4th 2009.
• SymbOS/Yxes or downloading customized ctent, July 21st 2009.
• Detecting spyware for iPhes, July 16th 2009.
• Friendly’ spam: A trick for managing unwanted emails from family, friends , June 25 2009.
• June 9th, 2009, Trash CRC32
• April 21, 2009, 2D Codes: Lowering the “bar” for mobile threats ?
• April 13, 2009, Attacking stamps for fun and profit ?
• March 9, 2009, Flocker virus writer’s name found via Google? Or privacy issue?
• February 23, 2009, A cryptographer’s eye antivirus analysis

Miscellaneous

Challenges

• I am the lead organizer of Ph0wn CTF. This CTF is dedicated to smart devices. Its first edition was in 2017.

I designed a few crackme if you feel like trying:

• Hashdays 2012 Android Challenge: apk blog post blog post 2 solution
• Insomni’hack 2012 CTF: apk solution
• Basic Firefox OS CrackMe
• I also designed some challenges for GreHack 2018 and 2019, THCon 2021….

I play in the pic0wn CTF team (a very small but fun team) and Soudure au Beurre

• THCon CTF 2023: 11
• Insomni’hack CTF 2023: 12 (with Soudure Au Beurre)
• GreHack CTF 2022: 1 (with Soudure Au Beurre)
• Hack.lu CTF 2021: 89
• Bambi CTF 2021 (attack & defense): 46
• Hack.lu CTF 2020: 81
• Insomni’hack CTF 2019: 23 (with mushd00m team)
• Hack.lu CTF 2018: 49
• Insomni’hack CTF 2017: 56
• Vulnerability identified at the IoT Village competition in DefCamp 2016 (to my knowledge, only 3 were identified by all competitors)
• Hack.lu CTF 2015: 83 (6th local team)
• SSTIC 2015: 3rd in 0-Rulez our solution was mentioned as the most original :)
• Insomni’hack CTF 2015: 30
• Hack.lu CTF 2014: 161 (5th ‘local’ team)
• Hack.lu CTF 2013: 97 (6th ‘local’ team)
• … a long time ago (2003) challenge SecuriTech: 42

Podcast

• Sécurité des objets connectés, sur NoLimitSecu, October 30, 2016. In French.

Memberships

Program Committee:

• Nullcon since 2018
• GreHack 2016 - 2018, 2020 - 2021. I was PC co-chair of GreHack 2019.
• Virus Bulletin conference, reviewer since 2016
• Virus Bulletin Advisory Board since 2018
• WiSec 2014 posters
• IEEE ClusterSec’06 Workshop

Misc:

• Android Security Acknowledgements in 2014.

Patents

• 2001 Data integrity check method using cumulative hash function 10/034706
• 2001 Upgradeable time stamp mechanism 10/027341
• 2001 Virtual worm method and system 10/034,055
• 2001 Method and system for providing a secure time reference in a worm 10/034709
• 2002 Method and system for timestamped virtual worm in a SAN 10/202,067
• 2002 Secure E-mail Timestamping 10/184477
• 2003 Method and computer system operated software application for digital signature 10/740484
• 2005 Method and system for managing electronic data content WO2007074232
• 2005 Procédé et système d’analyse de page FR2895817
• 2005 Method for creating a secure counter on an on-board computer system comprising a chip card WO2007080289
• 2005 Method for authenticating applications of a computer system WO2007077362
• 2006 Système et procédé de sécurisation de données WO/2008/037895
• 2006 Systèmes electroniques sécurisés, procédés de sécurisation et utilisations de tels systèmes WO2008096076
• 2008 Procédé de vérification de l’intégralité d’une mémoire EEPROM FR2933791
• 2016 Augmented reality visualization device for network security US20180077200A1