Conferences I spoke at:
Conferences & Journaux
By default, if no author name is mentioned, I’m the sole author. 2022
Hunting the Android/BianLian botnet, Virus Bulletin, Prague, September 2022. link slides Unpacking de malware Android:
You won’t ever write Frida scripts again (actually, yes, you will, it’s just a fancy title), BlackAlps, Yverdon-les-Bains, Switzerland, November 2022. slides. Slides in English, talk in French.
Unpacking 1, 2, 3!, Barbhack, Toulon, August 2022. slides and demo link. Talk and slides in French. Demo in English. 2021
Touche pas à mon dossier médical, SecSea, La Ciotat, France, October 15, 2021. In French. slides
Reverse Android malware like a Jedi Master, Virus Bulletin Conference (online), October 7-8, 2021. video, slides and paper
Live reverse engineering of Android Malware:
Building and maintaining a honeypot for medical devices, BotConf (online), December 2020. slides video
Malware and Cybercrime in Medical IoT, CCCC, September 14, 2020. slides
A. Apvrille, T. Goodspeed: on glucose sensor:
Security analysis of a Connected Glucose Sensor for Diabetes, Technical report, June 2020 pdf
Pique curiosity, not diabetic fingers, Pass The Salt, July 2020 (virtual edition), slides
Capteur de glycémie connecté : les interdits, Barbhack, August 2020 in French,
Hacking de capteur de glycémie connecté, UYBHYS, November 2020 (online) video - starts at 54’45
T. Goodspeed, A. Apvrille,
NFC exploitation with the RF430RFL152 and ’TAL152, PoC || GTFO, volume, 20:03.
Medical malware on Android (all talks are on the same topic, but with different samples analyzed)
SecSea, June 2020 (virtual edition)
video Nullcon Webinar, August 2020
video NoHat, November 2020
Hacking a Smart Coffee Machine:
A. Apvrille, T. Goodspeed, A. Lakhani,
Malware, Cybercrime and Vulnerabilities for Diabetic Patients. Talk was accepted at Troopers 2020, but cancelled due to COVID.
A. Lakhani, A. Apvrille,
Bringing Down the Empire: The Internet of Medical Things, RSA, San Francisco, USA, February 2020, slides 2019
A. Apvrille, T. Goodspeed,
The inner guts of a connected glucose sensor for diabetes, BlackAlps, Yverdon-les-Bains, Switzerland, November 2019. video slides GitHub
Smartphone apps: let’s talk about privacy, Hack. Lu, Luxembourg, October 2019. video A. Apvrille, A. Lakhani,
Medical IoT for diabetes and cybercrime, Virus Bulletin, London, UK, October 2019. paper
Abusing cryptocurrencies on Android smartphone:
Insomni’hack, Geneva, Switzerland, March 2019
slides video Sthack, Bordeaux, June 2019
Cryptocurrency mobile malware, BlackAlps, Yverdon-les-Bains, Switzerland, November 2018 slides
Junior CTF, Lightning Talk at Hack.Lu, Luxembourg, October, video slides
Does Malware Based on Spectre Exist?, Virus Bulletin, July 2018 paper
Are there Spectre-based malware on your Android smartphone?, Pass The Salt, Lille, France, July 2018, slides video A. Apvrille, P. Paget,
Ph0wn smart devices CTF: Behind the Scenes, Insomni’hack, Geneva, Switzerland, March 2018, video
Is my toothbrush really smart?, Troopers, Heidelberg, Germany, March 2018, slides 2017
Android Reverse Engineering Tools: not the usual suspects, Virus Bulletin Conference, Madrid, Spain, October 2017 paper
Ingénierie inverse d’une brosse à dents connectée, Symposium sur la sécurité des technologies de l’information et des communications (SSTIC), Rennes, 7-9 juin 2017 paper video (in French) 2016
Infecting Internet of Things, DefCamp, Bucharest, Romania, November 2016 slides
Mobile Applications: a Backdoor into Internet of Things?, Virus Bulletin Conference, Denver, USA, October 2016 paper
Reversing Internet of Things from mobile applications:
Geek usages for your Fitbit Flex tracker Hack.lu, Luxemburg, October 2015 slides
Criminal Profiling: Android Malware, Nuit du Hack, Paris, June 20, 2015, slides
Fitness Tracker: Hack in Progress:
Hack in Paris, Paris, June 18-19, 2015,
slides Hacktivity, October 2015
slides L. Apvrille, A. Apvrille,
Identifying Unknown Android Malware with Feature Extractions and Classification Techniques, IEEE TrustCom, Helsinki, Finland, 20-22 August 2015 see here
Pawn Storm: What’s Up on iOS devices?, Insomni’hack, Geneva, March 2015, slides A. Apvrille, L .Apvrille,
SherlockDroid: a Research Assistant to Spot Unknown Malware in Android Marketplaces, Journal in Computer Virology and Hacking Techniques, vol. 11, no. 39, pages 1-11, 2015. paper DOI 2014
A. Apvrille, L. Apvrille,
SherlockDroid: an Inspector for Android Marketplaces, Hack.Lu, Luxembourg, October 21-24 2014, paper slides A. Apvrille, A. Albertini,
Hide Android Applications in Images, BlackHat Europe, Amsterdam, NL, October 2014, 16-17 paper slides
Inside the iOS/AdThief malware, Virus Bulletin, August 2014, online, pdf A. Apvrille, R. Nigam,
Obfuscation in Android malware and how to fight back,
CARO Workshop, May 15-16, Florida, USA. Virus Bulletin, July 2014 [pdf]](https://www.virusbtn.com/pdf/magazine/2014/vb201407-Android-obfuscation.pdf)
Playing Hide and Seek with Dalvik Executables, Insomni’Hack, March 2014 slides 2013
L. Apvrille, A. Apvrille,
Pre-filtering Mobile Malware with Heuristic Techniques, GreHack, Grenoble, France, November 2013 paper slides
Playing Hide and Seek with Dalvik Executables:
Hacktivity, Budapest, Hungary, October 2013
Hack.Lu, Luxembourg, October 2013,
slides [paper]./hidex-hack.lu.pdf) K. de Pontevès, A. Apvrille,
Analysis of Android In-App Advertisement Kits, Virus Bulletin Conference, pp. 133-138, Berlin, Germany, October 2013. slides 2012
Guns and Smoke to Defeat Mobile Malware, Hashdays, Lucerne, Switzerland, November 2-3 2012. slides A. Apvrille, G. Lovet,
An Attacker’s Day into Virology: Human vs Computer, BlackHat Europe, Amsterdam, The Netherlands, March 14-16 2012, paper slides
Android Reverse Engineering Tools, Insomni’Hack 2012, Geneva, Switzerland, March 2, 2012 slides A. Apvrille, T. Strazzere,
Reducing the Window of Opportunity for Android Malware:
in Proceedings of the 21st
EICAR Annual Conference, pp. 131-149, Lisbon, Portugal, May 7-8, 2012 paper slides in Journal in Computer Virology 2021,
link, DOI: 10.1007/s11416-012-0162-3
Symbian worm Yxes: towards mobile botnets?, Journal in Computer Virology, 2012, link, DOI: 10.1007/s11416-012-0163-2 2011
Cryptography for Mobile Malware Obfuscation, RSA Europe, London, UK, October 2011. slides demo video
An OpenBTS GSM Replication Jail for Mobile Malware, Virus Bulletin Conference, pp. 86-94, Barcelona, Spain, October 2011. paper slides demo video. Copyright is held by Virus Bulletin Ltd but made available on this site for personal use free of charge by permission of Virus Bulletin.
Mobile Malware in Practice, Insomni’Hack, Geneva, Switzerland, March 4, 2011, slides A. Apvrille, K. Yang,
Defeating mTANs for profit:
ShmooCon 2011, Washington DC, USA, January 28-30 2011,
slides Virus Bulletin, pp. 6-10, March 2011
OpenBTS for dummies v0.5, April 2011, Technical report 2010
Symbian Worm Yxes: Towards Mobile Botnets?, in Proceedings of the 19th EICAR Annual Conference, pp. 31-54, Paris, France, May 8-11, 2010 ( Best Paper Award) paper slides A. Apvrille, J. Zhang, Four Malware and a Funeral, in Proceedings of 5th Conf. on Network Architectures and Information Systems Security
SAR-SSI, Menton, France, May 18-21, 2010.
The Four Horsemen, CONFidence Krakow, Poland, May 24-26, 2010 slides 2006
L. Apvrille, P. de Saqui-Sannes, R. Pacalet et A. Apvrille, Un environnement de conception de systèmes distribués basé sur UML, Annals of Telecommunications, Vol. 61, n 11/12, pp. 1347-1368, Nov. 2006
L. Apvrille, P. de Saqui-Sannes, A. Apvrille, Une méthodologie de conception des systèmes distribués basée sur UML, Actes de la 5ème conférence sur les nouvelles technologies de la répartition
NOTERE’05, p 217-214, Gatineau, QC, Canada, 29 août - 1er septembre 2005. A. Apvrille, M. Pourzandi, Secure Software Development by Example,
IEEE Security & Privacy, vol. 3, no. 4, July/August, 2005, pp. 10-17. link A. Apvrille, D. Gordon, DigSig novelties,
Libre Software Meeting, Security Topic, July 4-9 2005 slides 2004
A. Apvrille, M. Pourzandi, XML Distributed Security Policy for Clusters, Computers & Security Journal (COSE91), Elsevier, vol. 23, no. 8, pp 649-658, December 2004 -
abstract A. Apvrille, M. Pourzandi,
Trusted Computing in Linux: status, Linux World magazine, Vol. 2, No. 12, December 2004 A. Apvrille, D. Gordon, S. Hallyn, M. Pourzandi, V. Roy, DigSig: Runtime Authentication of Binaries at the Kernel Level, in the Proceedings of the 18th Large Installation System Administration Conference
LISA, pp. 59-66, Atlanta, November 14-19 2004 lien M. Pourzandi, A. Apvrille,
Setting up Virtual Security Zones in a Linux Cluster, Linux Journal, Issue 126, October 2004 html A. Apvrille, M. Pourzandi, D. Gordon, V. Roy,
Stop Malicious Code Execution at Kernel-Level, Linux World magazine, Vol. 2, No. 1, January 2004. 2003
M. Pourzandi, A. Apvrille, E. Gingras, A. Medenou, D. Gordon,
Distributed Access Control for Carrier Class Clusters, Parallel and Distributed Processing Techniques and Applications PDPTA’03 conference, Las Vegas, June 2003. 2002
A. Apvrille, J. Hughes, V. Girier,Streamed or Detached Triple Integrity for a Time Stamped Secure Storage System, First International IEEE Security in Storage Workshop (SISW’2002), Greenbelt, Maryland, USA, December 2002,
pdf A. Apvrille, V. Girier, XML Security Time Stamping Protocol, Information Security Solutions Europe conference (ISSE’02), Paris, October 2002,
pdf A. Apvrille, J. Hughes, A Time Stamped Virtual WORM System, SEcurité de la Communication ur Internet workshop (SECI’02), Tunis, Tunisia, September 2002,
Programmation sécurisée sous Java : retour d’expérience, OSSIR RESIST, September 2002, slides
L’horodatage sécurisé : état de l’art et applications, OSSIR RESIST, June 2002. slides Workshops, Trainings
Training / workshops on Android reverse engineering
16 hours at
RingZer0 in August 2021 and February 2022 12 hours at
Nullcon Goa 2021 in September 2021 3 hours at NorthSec, in May 2021 (online)
video - title: Reverse Android malware for the Smart and Lazy 3 hours at Hack Lu, October 2018
data 1h30 with 2 tracks: beginners & advanced.
Android malware reverse engineering for the Brave at Virus Bulletin, October 2018 2 hours at Grehack, November 2017.
Hello, Android Malware Reversing!. For beginners. 2 hours at XVeme Nuit du Hack, June 2017,
Say hello to Android malware reverse engineering. For beginners. 5 hours at Insomni’hack, March 2017
slides 3 hours at Hack.Lu, October 2016,
slides Other topics
Junior CTF Install Party: a workshop at Hack.Lu, October 2019. slides Diamond Editions (in French)
Utilisation malveillante de l’API d’accessibilité sur Android, MISC no. 122, Juillet 2022, shop
Rançon sur téléphone mobile : les entrailles d’Android/Koler, MISC, no. 107, January-February 2020
Analyse de la sécurité d’un capteur de glucose, MISC, no. 106, November-December 2019
Rétro-ingénierie d’applications Android avec Androguard, MISC, no. 92, July 2017, shop
Les objets connectés peuvent-ils être infectés?, MISC, Hors Série no. 15 : Sécurité des objects connectés. shop
Analyse de la sécurité d’un bracelet sportif, MISC no. 87, p. 76, Septembre-Octobre 2016 L. Apvrille, A. Apvrille, P. Bogossian, Retour d’expérience sur quelques épreuves de Hack.lu 2013, MISC, no. 73, p. 50-86, May-June 2014.
Détenu virus mobile : nous avons les moyens de vous faire parler ! MISC, Hors série, no. 5, p. 80, April - May 2012
Le virus Symbian RommWar à la loupe, MISC, no. 46, p. 42-49, November-December 2009. shop
La sécurité des Wikis, MISC, no. 44, p. 76-82, July-August 2009
Conception et architecture de la bibliothèque cryptographique d’OpenSSL, MISC, no. 32, p. 52-60, July-August 2007
Protéger les messages applicatifs avec XML Security ou PKCS, MISC no 25, May-June 2006.
Des erreurs dans mon code sécurisé, où ça ?!, MISC, no. 16-17, November 2004 - January 2005
L’ASN.1 par l’exemple dans les certificats X.509, MISC, no. 15, September - October 2004 A. Apvrille, M. Pourzandi,
Protéger un réseau de machines distribuées contre un débordement de buffer… d’un seul coup, MISC, no. 7, May-June 2003 Hackable Magazine
Piloter sa cafetière connectée, Hackable no. 33, April-June 2020 shop
Fabriquez votre T-shirt interactif avec un Lilypad Arduino Hackable, no. 21, p. 96, November-December 2017 shop A. Apvrille, L. Apvrille,
Ventilation controlée par des framboises, Hackable, no. 11, p. 32, March-April 2016. link A. Apvrille, L. Apvrille,
Contrôler sa chaudière à distance avec un Raspberry Pi, Hackable, no.8, p.60, September-October 2015 Blog Posts
Virus Bulletin Conference 2022
Day 1 Day 2 Day 3, October 4, 2022
English accent for Frogs, July 5, 2022
Androscope, June 28, 2022
Unpacking a JsonPacker-packed sample, June 27, 2022
Tracking Android/Joker payloads with Medusa, static analysis (and patience), June 20, 2022
Quick look into a new sample of Android/BianLian, June 9, 2022
Reversing an Android sample which uses Flutter, May 12, 2022
Warning: GRIM and Magnus Android Botnets are Underground, April 28, 2022
Android/BianLian Botnet Trying to Bypass Photo TAN use for Mobile Banking, April 13, 2022
Live reverse engineering of a trojanized medical app - Android/Joker, March 8, 2022
BianLian C2 domain name, January 25, 2022
Creating a safe dummy C2 to test Android bots, January 21, 2022
Android/BianLian payload, January 17, 2022
Multidex trick to unpack Android/BianLian, January 14, 2022 2021
Investigating Android malware with Pithus, July 13, 2021
A basic test locker for Android, July 6, 2021
A blind try of MobSF over a suspicious Android sample, May 26, 2021
A native packer for Android/Moqhao, May 19, 2021
Android/Oji worm fake COVID 19 vaccine registration campaign, May 3, 2021
Android/Flubot: preparing for a new campaign?, March 29, 2021
Quark on an Android malware: how good was it? My opinion!, February 9, 2021
An apparently benign app distribution scheme which has all it takes to turn (very) ugly, February 2, 2021 2020
Decrypting strings with a JEB script, December 17, 2020
Unpacking an Android malware with Dexcalibur and JEB, December 16, 2020
Customizing your Cowrie honeypot, November 3, 2020
Into Android Meterpreter and how the malware launches it - part 2, Sept 25, 2020
Locating the Trojan inside an infected COVID-19 contact tracing app, September 18, 2020
CnC communication of a fake Aarogya Setup COVID-19 app, August 14, 2020 Reversing V-Alert COVID-19 Android/BankBot:
part 1, part 2, May 12, 2020
Android malware targets diabetic patients, January 31, 2020 2019
Fortinet Discovers New Android Apps that Mine the Unminable
An Android Package is no longer a ZIP, August 23, 2018
Android/BondPath: a Mature Spyware, August 23, 2018
Recent Security Research News, June 28, 2018
You Will Fall For This One Day…, April 9, 2018
Fortinet at Insomni’hack 2018, March 28, 2018 Troopers
Day 2, Day 1 March 14-16, 2018
Into the Implementation of Spectre, January 17, 2018
Security Research News in Brief - November 2017 Edition, January 14, 2018 2017
Ph0wn: The 1st CTF of Smart Devices is Over! December 7, 2017
Ph0wn: A CTF Dedicated to Smart Devices, November 27, 2017
Security Research News in Brief - October 2017 Edition, November 9, 2017
Security Research News in Brief - August 2017 Edition, October 19, 2017
Blueborne: Technical Insight , September 19, 2017
Security Research News in Brief - July 2017 Edition, September 7, 2017
Analyzing Android malware using a FortiSandbox, August 17, 2017
NSE Experts Academy CTF ,July 30, 2017
SSTIC in a nutshell, July 4, 2017
Security Research News In Brief - May 2017 editi , June 22, 2017
Zero patch IoT envirment , May 17, 2017
Security Research News In Brief - April 2017 edition , May 10, 2017
Security Research News In Brief - March 2017 edition , Mar 24, 2017 Teardown of a recent variant of Android/Ztorg
part 1 and part 2, Mar 15, 2017
You don’t need to break my heart , Feb 27, 2017 2016
Reading your tracker’s battery level with a standard Bluetooth 4.0 USB dgle , Dec 9, 2016
Disassembling Linux/Mirai.B!worm, Dec 8, 2016
Hackath Sophia Antipolis 2016, Nov 29, 2016
DefCamp 2016, Nov 18, 2016
Where I nearly w a cnected coffee machine at DefCamp 2016, Nov 17, 2016
IoT-based Linux/Mirai: Frequently Asked Questis, Oct 31, 2016
Hack.Lu 2016 Wrap Up, Oct 25, 2016
IoT malware are coming. Will you listen to me know?, Oct 24, 2016
Pebble Smartwatch Talk at Virus Bulletin 2016, Oct 14, 2016
Risks or not behing Pokém GO, August 11, 2016
Pokémon GO Plus review through reverse engineering, August 11, 2016
Android adware trying to deceive the analyst, May 20, 2016
Your Gossip Is Public, April 22, 2016
WhatsApp vs Telegram, April 15, 2016
Insomni’hack 2016, March 25, 2016
Bad Mirror: New Android Malware family spotted by SherlockDroid, March 7, 2016 2015
Hacktivity 2015 October 14, 2015
CryptoGirl StageFright: A Detailed Explanation August 25, 2015
StageFright, Telegram Stage-Left & WhatsApp Stage-Right August 14, 2015
Locker, an Android ransomware full of surprises August 11, 2015
Want Everybody to Know You’re Flirting? This App is For You! July 25, 2015
Insurance Fraud via Internet of ThingsJuly 9, 2015
Nuit du Hack 2k15 June 25, 2015
Hack in Paris 2015 June 24, 2015
Android Security Report in Far Less Than 44 Pages April 17, 2015
InsomniDroid Part 2: Write Up April 4, 2015
Insomni’Hack iOS challenges March 26, 2015
Insomni’hack CTF write up March 25, 2015
Insomni’hack 2015 March 23, 2015
Investigating PawnStorm for iPhone February 13, 2015
Aggressive Riskware Installati Amaz Kindle (and Android) January 12, 2015 2014
Inside Hack.Lu 2014 November 10, 2014
Android Emmental, Adding Cheese in Emmental Holes October 30, 2014
Inside BlackHat Europe 2014 October 29, 2014
0wning Emmental October 20, 2014
Android Packers Talk at Hacktivity October 9, 2014
My Day Unbricking a Friend’s Phe September 17, 2014
Want everybody to know you’re flirting? this app is for you! July 25, 2014
Clean for the phe, but not clean in the code July 7, 2014
iOS Malware Does Exist, June 9, 2014
AngeCrypti at Insomni’Hack, March 31, 2014
Mobile Advertisement Serving Fake Anti-Virus and App Over Billing Spanish newspaper, March 14, 2014
New Drive By Download Android Malware, February 17, 2014
Malware or Spam Campaign Internet of Things, January 27, 2014 2013
Sophisticated DEX obfuscati or Proguard configuration issue?, December 16, 2013
RATP Android Application Privacy: Status, December 2, 2013
Alligator at GreHack, November 14, 2013
Hack.lu Capture The Flag (CTF)- RoboAuth, October 29, 2013
Hacktivity 2013: Keynotes, October 17, 2013
VB 2013- Day 3, October 14, 2013
VB 2013- Day 2, October 11, 2013
VB 2013- Day 1, October 10, 2013
iPhe 5S: Inside the Secure Enclave, September 16, 2013
NSA’s (and GCHQ) Decryption Capabilities: Truth and Lies, September 6, 2013
Alligator detects GPS leaking adware, August 2, 2013
Mobile Malware Gets in the Top 10 Viruses, July 29, 2013
Millis of SIM cards vulnerable to remote compromise, July 24, 2013
Don’t Send Your SMS Scam to an AntiVirus Analyst
(http://blog.fortinet.com), July 17, 2013
I am Datarmined to secure my Facebook posts, July 8, 2013
An Anti-Virus Analyst’s Day (or Hour) into Firefox OS, June 20, 2013
NSA Has Large Disks, June 10, 2013
11M for a simple cference program applicati, May 27, 2013
1,000 malicious Android samples per day, May 13, 2013
Finding Similarities and Differences at DEX level, May 6, 2013 2012
EuroGrabber is Zitmo , December 7, 2012
Hashdays Android Challenge: the Solution, November 23, 2012
Hashdays Arduino Badge November 9, 2012
Hashdays 2012 wrap-up November 7, 2012 [FortiGuard’sblog][Advanced Tools for Android Reverse Engineering](http://blog.fortiguard.com/advanced-tools-for-android-reverse-engineering/) November 5, 2012
Hashdays Android Challenge: Win a FortiGate <ahref=“http://blog.fortiguard.com/), October 29, 2012
Hashdays challenge by Fortinet to begin Oct 29, 2012, October 23, 2012
Android/Fakemart’s end: authors has been identified October 19th, 2012
Android malware distributed by malicious SMS in France September 21st, 2012.
Making mey out of Android/Fakemart September 3, 2012.
Dalvik Executable (DEX) Embedded in another DEX! August 23, 2012.
Android byte-code obfuscati challenge July 30th, 2012.
Ctrolling Android/Zitmo by SMS commands July 21st, 2012
StarCraft culture to understand Android June 19th, 2012
Tracking Android/Fcy- June 6th, 2012.
Back from EICAR 2012- May 25th, 2012. -(http://blog.fortiguard.com/droidkungfu-is-getting-smarter-hopefully-so-am-i/“>DroidKungFu is getting smarter (hopefully, so am I)- May 11th, 2012.
Mobile Botnets: We Had Told You So- April 20th, 2012. 2011
Analyzing CarrierIQ’s defense, December 20th, 2011.
Android/Fcy emanating and propagating in France, December 15, 2011.
CarrierIQ Android- FAQ December 13, 2011.
Levitator: Root your Android phe November 25th, 2011.
OpenBTS for Mobile Malware Analysis, November 17th, 2011.
Symbian malware uses a 91-byte XOR key, November 8th, 2011.
Clarifying Android/DroidKungFu variants, October 26th, 2011.
VB 2011 talks, part 3 and end, October 25th, 2011.
VB 2011 talks, part 2, October 18th, 2011.
VB 2011 talks, part 1, October 12th, 2011.
QR code and mobile malware: it happened!, October 3rd, 2011.
Spitmo gets Android: mini-FAQ, September 16th, 2011.
Android/Zitmo: an Update, July 18, 2011.
Zitmo hits Android, July 8, 2011.
Android/CruseWin carries a malicious kill switch, July 4, 2011.
Android/DroidKungFu: attacking from a mobile device?, June 16, 2011.
Android/DroidKungFu uses AES encrypti, June 9, 2011.
Android/Smspacem under the microscope, May 30, 2011.
Airpush… pushes the envelope, May 17, 2011.
iPhe Tracking, April 21, 2011.
Mobile Malware Statistics, March 28, 2011.
How Android/Fake10086 selectively blocks SMS- step by step, March 10, 2011.
Android/DroidDream uses two vulnerabilities, March 3, 2011.
Hacking Mobile Phe Statistics, March 1, 2011.
What’s new in Zitmo.B?, February 23, 2011.
ShmooC 2011 Debriefing, February 9, 2011.
Mobile phishing related to Yxes, January 12, 2011. 2010
Hidden feature in Android spyware, November 12, 2010.
Symbian malware and Internet Access Points, November 4, 2010.
Zitmo Follow Up: From Spyware to Malware, September 28, 2010.
Zeus In The Mobile (Zitmo): Online Banking’s Two Factor Authenticati Defeated- , September 27, 2010
You can’t judge a book by its cover, September 7, 2010.
iPhe 4 / iPad: the Keys Out of Pris, August 5, 2010.
Mobile Malware Sends WAP Push SMS, August 3, 2010.
Symbian Signed Mobile Malware: One Gang?, July 29, 2010.
SymbOS/Album One Step Closer To Mobile Botnets, July 15, 2010.
SymbOS/Album Follows the Path of SymbOS/Yxes, July 8, 2010.
How to send an SMS- the geeky way, June 7, 2010.
EICAR 2010: Presentati Round-Up, June 4, 2010.
Airport flight schedule crash (unharmful), May 25, 2010.
WinCE/Terdial or impunity for dialers, May 17, 2010.
No, the iPad is NOT hacked, May 3, 2010.
Reversing the Symbian Enoriv malware, April 13th 2010.
SymbOS/Yxes goes versi 2, March 4th 2010.
10 Predictis for Mobile Malware in 2010, January 28th 2010.
Malicious Transfer of IM3 funds: the Return, January 26th 2010. 2009 and before
Duh’s not malicious, dude!, December 10th 2009.
Securing your jailbroken iPhe, December 2nd 2009.
John Doe’s Credentials, November 16th 2009.
Targeted Spam: an Unfair Blow to Security, November 5th 2009.
When Your Phe Becomes Your Worst Enemy, October 27th 2009.
Keep your phe healthy: H1N1 vs. SymbOS/Yxes, October 13th 2009.
Transmitter.C is not Yxes.E, August 26th 2009.
Symbian Certificates or How SymbOS/Yxes got Signed, August 4th 2009.
SymbOS/Yxes or downloading customized ctent, July 21st 2009.
Detecting spyware for iPhes, July 16th 2009.
Friendly’ spam: A trick for managing unwanted emails from family, friends , June 25 2009. June 9th, 2009,
Trash CRC32 April 21, 2009,
2D Codes: Lowering the “bar” for mobile threats ? April 13, 2009,
Attacking stamps for fun and profit ? March 9, 2009,
Flocker virus writer’s name found via Google? Or privacy issue? February 23, 2009,
A cryptographer’s eye antivirus analysis Miscellaneous
I am the
lead organizer of Ph0wn CTF. This CTF is dedicated to smart devices. Its first edition was in 2017.
I designed a few crackme if you feel like trying:
I play in the
pic0wn CTF team. This is a very small team, but it’s fun :)
GreHack CTF 2022:
1 (with soudure_au_beurre team) Hardwear.io CTF 2022:
2 (with duks team) Hack.lu CTF 2021: 89
Bambi CTF 2021 (attack & defense): 46
Hack.lu CTF 2020: 81
Insomni’hack CTF 2019: 23 (with mushd00m team)
Hack.lu CTF 2018: 49
Insomni’hack CTF 2017: 56
Vulnerability identified at the IoT Village competition in DefCamp 2016 (to my knowledge, only 3 were identified by all competitors)
Hack.lu CTF 2015: 83 (6th local team)
SSTIC 2015: 3rd in 0-Rulez
our solution was mentioned as the most original :) Insomni’hack CTF 2015: 30
Hack.lu CTF 2014: 161 (5th ‘local’ team)
Hack.lu CTF 2013: 97 (6th ‘local’ team)
… a long time ago (2003) challenge SecuriTech: 42
Nullcon since 2018
GreHack 2016 - 2018, 2020 - 2022. I was PC co-chair of GreHack 2019.
Virus Bulletin conference, reviewer since 2016
Virus Bulletin Advisory Board since 2018
WiSec 2014 posters
IEEE ClusterSec’06 Workshop
2001 Data integrity check method using cumulative hash function
10/034706 2001 Upgradeable time stamp mechanism
10/027341 2001 Virtual worm method and system
10/034,055 2001 Method and system for providing a secure time reference in a worm
10/034709 2002 Method and system for timestamped virtual worm in a SAN
10/202,067 2002 Secure E-mail Timestamping
10/184477 2003 Method and computer system operated software application for digital signature
10/740484 2005 Method and system for managing electronic data content
WO2007074232 2005 Procédé et système d’analyse de page
FR2895817 2005 Method for creating a secure counter on an on-board computer system comprising a chip card
WO2007080289 2005 Method for authenticating applications of a computer system
WO2007077362 2006 Système et procédé de sécurisation de données
WO/2008/037895 2006 Systèmes electroniques sécurisés, procédés de sécurisation et utilisations de tels systèmes
WO2008096076 2008 Procédé de vérification de l’intégralité d’une mémoire EEPROM
FR2933791 2016 Augmented reality visualization device for network security