Latest News
Next upcoming conference for me is Hack.Lu in October 2018

Peer-Reviewed Journals

A. Apvrille, L .Apvrille, SherlockDroid: a Research Assistant to Spot Unknown Malware in Android Marketplaces, Journal in Computer Virology and Hacking Techniques, vol. 11, no. 39, pages 1-11, 2015. [paper]. The final publication is available at Springer via DOI: [http://dx.doi.org/10.1007/s11416-015-0245-z]
A. Apvrille, T. Strazzere, Reducing the window of opportunity for Android malware Gotta catch'em all, Journal in Computer Virology, 2012, DOI: 10.1007/s11416-012-0162-3
A. Apvrille, Symbian worm Yxes: towards mobile botnets?, Journal in Computer Virology, 2012, DOI: 10.1007/s11416-012-0163-2
L. Apvrille, P. de Saqui-Sannes, R. Pacalet et A. Apvrille, Un environnement de conception de systèmes distribués basé sur UML, Annals of Telecommunications, Vol. 61, n 11/12, pp. 1347-1368, Nov. 2006 [Abstract]
A. Apvrille, M. Pourzandi, Secure Software Development by Example, IEEE Security & Privacy, vol. 3, no. 4, July/August, 2005, pp. 10-17. [Link]
A. Apvrille, M. Pourzandi, XML Distributed Security Policy for Clusters, Computers & Security Journal (COSE91), Elsevier, vol. 23, no. 8, pp 649-658, December 2004 - [Abstract]

Academic, Peer-Reviewed Conferences

A. Apvrille, Ingénierie inverse d'une brosse à dents connectée, Symposium sur la sécurité des technologies de l'information et des communications (SSTIC), Rennes, 7-9 juin 2017 [paper][video] (in French)
L. Apvrille, A. Apvrille, Identifying Unknown Android Malware with Feature Extractions and Classification Techniques, IEEE TrustCom, Helsinki, Finland, 20-22 August 2015 [see here]
L. Apvrille, A. Apvrille, Pre-filtering Mobile Malware with Heuristic Techniques, GreHack, Grenoble, France, November 2013 [paper] [slides]
A. Apvrille, T. Strazzere, Reducing the Window of Opportunity for Android Malware, in Proceedings of the 21st EICAR Annual Conference, pp. 131-149, Lisbon, Portugal, May 7-8, 2012 [paper] [slides].
A. Apvrille, J. Zhang, Four Malware and a Funeral, in Proceedings of 5th Conf. on Network Architectures and Information Systems Security (SAR-SSI), Menton, France, May 18-21, 2010.
A. Apvrille, Symbian Worm Yxes: Towards Mobile Botnets?, in Proceedings of the 19th EICAR Annual Conference, pp. 31-54, Paris, France, May 8-11, 2010 (Best Paper Award) [paper][slides]
L. Apvrille, P. de Saqui-Sannes, A. Apvrille, Une méthodologie de conception des systèmes distribués basée sur UML, Actes de la 5ème conférence sur les nouvelles technologies de la répartition (NOTERE'05), p 217-214, Gatineau, QC, Canada, 29 août - 1er septembre 2005.
A. Apvrille, D. Gordon, S. Hallyn, M. Pourzandi, V. Roy, DigSig: Runtime Authentication of Binaries at the Kernel Level, in the Proceedings of the 18th Large Installation System Administration Conference (LISA'04), pp. 59-66, Atlanta, November 14-19 2004 [Link].
M. Pourzandi, A. Apvrille, E. Gingras, A. Medenou, D. Gordon, Distributed Access Control for Carrier Class Clusters, Parallel and Distributed Processing Techniques and Applications (PDPTA'03) conference, Las Vegas, June 2003.
A. Apvrille, J. Hughes, V. Girier,Streamed or Detached Triple Integrity for a Time Stamped Secure Storage System, First International IEEE Security in Storage Workshop (SISW'2002), Greenbelt, Maryland, USA, December 2002, [pdf]
A. Apvrille, V. Girier, XML Security Time Stamping Protocol, Information Security Solutions Europe conference (ISSE'02), Paris, October 2002, [pdf].
A. Apvrille, J. Hughes, A Time Stamped Virtual WORM System, SEcurité de la Communication ur Internet workshop (SECI'02), Tunis, Tunisia, September 2002, [pdf].

Industrial, hacking conferences

This section concerns non-academic conferences. Usually, peer-review is more limited, submission of an abstract, bio, demo, video, slides...
Sometimes very technical!

A. Apvrille, Are there Spectre-based malware on your Android smartphone? Pass The Salt, Lille, France, July 2018, [slides] [video]
A. Apvrille, Is my toothbrush really smart?, Troopers, Heidelberg, Germany, March 2018, [slides
A. Apvrille, Android Reverse Engineering Tools: not the usual suspects, Virus Bulletin Conference, Madrid, Spain, October 2017 [slides]
A. Apvrille, Infecting Internet of Things, DefCamp, Bucharest, Romania, November 2016 [slides]
A. Apvrille, Mobile Applications: a Backdoor into Internet of Things?, Virus Bulletin Conference, Denver, USA, October 2016 [slides]
A. Apvrille, Reversing Internet of Things from mobile applications, Insomni'hack, Geneva, March 2016 [slides] and Area 41, Zurich, June 2016 [slides] [video].
A. Apvrille, Geek usages for your Fitbit Flex tracker Hack.lu, Luxemburg, October 2015 [slides]
A. Apvrille, Criminal Profiling: Android Malware, Nuit du Hack, Paris, June 20, 2015, [slides]
A. Apvrille, Fitness Tracker: Hack in Progress, Hack in Paris, Paris, June 18-19, 2015, [slides] and Hacktivity [slides] (October 2015)
A. Apvrille, Pawn Storm: What's Up on iOS devices?, Insomni'hack, Geneva, March 2015, [slides]
A. Apvrille, L. Apvrille, SherlockDroid: an Inspector for Android Marketplaces, Hack.Lu, Luxembourg, October 21-24, [paper] [slides]
A. Apvrille, A. Albertini, Hide Android Applications in Images, BlackHat Europe, Amsterdam, NL, October 2014, 16-17 [paper] [slides]
A. Apvrille, Playing Hide and Seek with Dalvik Executables, Hacktivity, Budapest, Hungary, October 2013 - also presented at Hack.Lu, Luxembourg, October 2013, updated at Insomni'Hack in March 2014 [InsomniHack slides][Hack.lu slides][paper]
K. de Pontevès, A. Apvrille, Analysis of Android In-App Advertisement Kits, Virus Bulletin Conference, pp. 133-138, Berlin, Germany, October 2013. [slides]
A. Apvrille, Guns and Smoke to Defeat Mobile Malware, Hashdays, Lucerne, Switzerland, November 2-3 2012.
This is a "Sponsor Talk" (though I do not really talk about Fortinet) [slides]
A. Apvrille, G. Lovet, An Attacker's Day into Virology: Human vs Computer, BlackHat Europe, Amsterdam, The Netherlands, March 14-16 2012, [paper] [slides]
A. Apvrille, Android Reverse Engineering Tools, Insomni'Hack 2012, Geneva, Switzerland, March 2, 2012 [slides]
A. Apvrille, Cryptography for Mobile Malware Obfuscation, RSA Europe, London, UK, October 2011. [paper] [demo video]
A. Apvrille, An OpenBTS GSM Replication Jail for Mobile Malware, Virus Bulletin Conference, pp. 86-94, Barcelona, Spain, October 2011. [paper][slides][demo video]. Copyright is held by Virus Bulletin Ltd but made available on this site for personal use free of charge by permission of Virus Bulletin
A. Apvrille, Mobile Malware in Practice, Insomni'Hack 2011, Geneva, Switzerland, March 4, 2011, [slides]
A. Apvrille, K. Yang, Defeating mTANs for profit, ShmooCon 2011, Washington DC, USA, January 28-30 2011, [slides]
A. Apvrille, The Four Horsemen, 7th CONFidence 2010 conference, Krakow, Poland, May 24-26, 2010 [slides]

Workshop, trainings

Those are trainings I gave.

Android reverse engineering, Hack.Lu, October 2018: advanced
Android malware reverse engineering for the Brave, Virus Bulletin, October 2018: 1h30 with 2 tracks: beginners & advanced
Hello, Android Malware Reversing! GreHack, November 2017: 2 hours, for beginners
Say hello to Android malware reverse engineering XVeme Nuit du Hack, June 2017: 2 hours, for beginners
Android malware reverse engineering, Insomni'hack, March 2017: 5 hours [slides]
Android malware reverse engineering, Hack.lu, Luxembourg, October 2016: 3 hours [slides]

Technical magazines

A. Apvrille, Does Malware Based on Spectre Exist? in Virus Bulletin, July 2018 [link to paper]

A. Apvrille, Fabriquez votre T-shirt interactif avec un Lilypad Arduino, Hackable magazine, no. 21, p. 26, November-December 2017

A. Apvrille, Rétrop-ingénierie d'applications Android avec Androguard, MISC, no. 92, July 2017, [link to paper] - in French

A. Apvrille, Les objets connectés peuvent-ils être infectés?MISC - Hors Série numéro 15 : Sécurité des objets connectés, pp. 88 - 103, Mai 2017

A. Apvrille, Analyse de la sécurité d'un bracelet sportif, MISC numéro 87, p. 76, Septembre-Octobre 2016

A. Apvrille, L. Apvrille, Ventilation contrôlée par des framboises, Hackable magazine, no.11, p.32, Mars-Avril 2016

A. Apvrille, L. Apvrille, Contrôler sa chaudière à distance avec un Raspberry Pi, Hackable magazine, no.8, p.60, Septembre-Octobre 2015

A. Apvrille, Inside the iOS/AdThief malware, Virus Bulletin, August 2014 [pdf].

A. Apvrille, R. Nigam, Obfuscation in Android malware and how to fight back, Virus Bulletin, July 2014 [pdf]. This was also presented at the 8th International CARO Workshop, May 15-16, Florida, USA.

L. Apvrille, A. Apvrille, P. Bogossian, Retour d'expérience sur quelques épreuves de Hack.lu 2013 MISC numéro 73, p.50-86, Mai-Juin 2014

A. Apvrille, Détenu virus mobile : nous avons les moyens de vous faire parler !, MISC Hors série numéro 5, p. 80, Avril - Mai 2012

A. Apvrille, K. Yang, Defeating mTANs for Profit - part one, Virus Bulletin, pp. 6-10, March 2011

A. Apvrille, Le virus Symbian RommWar à la loupe, MISC numéro 46, p.42-49, Novembre - Décembre 2009.

A. Apvrille, La sécurité des Wikis, MISC numéro 44, p.76-82, Juillet - Août 2009.

A. Apvrille, Conception et architecture de la bibliothèque cryptographique d'OpenSSL, MISC numéro 32, p.52-60, Juillet - Août 2007.

A. Apvrille, Protéger les messages applicatifs avec XML Security ou PKCS, MISC numéro 25, Mai - Juin 2006.

A. Apvrille, D. Gordon, DigSig novelties, Libre Software Meeting, Security Topic, July 4-9 2005 [slides].

A. Apvrille, Des erreurs dans mon code sécurisé où ca ?! MISC numéros 16-17, Novembre 2004-Janvier 2005.

A. Apvrille, M. Pourzandi, Trusted Computing in Linux: status, Linux World magazine, Vol. 2, No. 12, December 2004.

M. Pourzandi, A. Apvrille, Setting up Virtual Security Zones in a Linux Cluster, Linux Journal, issue 126, October 2004 [HTML].

A. Apvrille, L'ASN.1 par l'exemple dans les certificats X.509, MISC numéro 15, septembre-octobre 2004.

A. Apvrille, M. Pourzandi, D. Gordon, V. Roy, Stop Malicious Code Execution at Kernel-Level, Linux World magazine, Vol. 2, No. 1, January 2004.

A. Apvrille, M. Pourzandi, Protéger un réseau de machines distribuées contre un débordement de buffer… d'un seul coup, MISC numéro 7, mai-juin 2003.

Miscellaneous presentations

A. Apvrille, OpenBTS for dummies v0.5, April 2011 [pdf]

Programmation sécurisée sous Java: retour d'expérience, RéSIST, Septembre 2002 [slides].

L'horodatage sécurisé: état de l'art et applications, RéSIST, Juin 2002 [slides].

Blog Posts
2018:

An Android Package is no longer a ZIP, on Fortinet's blog, August 23, 2018

Android/BondPath: a Mature Spyware, on Fortinet's blog, August 23, 2018

Recent Security Research News, on Fortinet's blog, June 28, 2018

You Will Fall For This One Day..., on Fortinet's blog, April 9, 2018

Fortinet at Insomni'hack 2018, on Fortinet's blog, March 28, 2018

Troopers Day 1, Day 2on Fortinet's blog, March 14-16, 2018

Into the Implementation of Spectre, on Fortinet's blog, January 17, 2018

Security Research News in Brief - November 2017 Edition, on Fortinet's blog, January 14, 2018

2017:

Ph0wn: The 1st CTF of Smart Devices is Over!on Fortinet's blog, December 7, 2017

Ph0wn: A CTF Dedicated to Smart Devices, on Fortinet's blog, November 27, 2017

Security Research News in Brief - October 2017 Edition, on Fortinet's blog, November 9, 2017

Security Research News in Brief - August 2017 Edition, on Fortinet's blog, October 19, 2017

Blueborne: Technical Insight, on Fortinet's blog, September 19, 2017

Security Research News in Brief - July 2017 Edition, on Fortinet's blog, September 7, 2017

Analyzing Android malware using a FortiSandbox, on Fortinet's blog, August 17, 2017

NSE Experts Academy CTF on Fortinet's blog,July 30, 2017

SSTIC in a nutshell on Fortinet's blog, July 4, 2017

Security Research News In Brief - May 2017 edition on Fortinet's blog, June 22, 2017

Zero patch IoT environment on Fortinet's blog, May 17, 2017

Security Research News In Brief - April 2017 edition on Fortinet's blog, May 10, 2017

Security Research News In Brief - March 2017 edition on Fortinet's blog, Mar 24, 2017

Teardown of a recent variant of Android/Ztorg part 1 and part 2, on Fortinet's blog, Mar 15, 2017

You don't need to break my heart, on Fortinet's blog, Feb 27, 2017

2016:

Reading your tracker's battery level with a standard Bluetooth 4.0 USB dongle, on Fortinet's blog, Dec 9, 2016

Disassembling Linux/Mirai.B!worm on Fortinet's blog, Dec 8, 2016

Hackathon Sophia Antipolis 2016, on Fortinet's blog, Nov 29, 2016

DefCamp 2016, on Fortinet's blog, Nov 18, 2016

Where I nearly won a connected coffee machine at DefCamp 2016, on Fortinet's blog, Nov 17, 2016

IoT-based Linux/Mirai: Frequently Asked Questions, on Fortinet's blog, Oct 31, 2016

Hack.Lu 2016 Wrap Up on Fortinet's blog, Oct 25, 2016

IoT malware are coming. Will you listen to me know?, on Fortinet's blog, Oct 24, 2016

Pebble Smartwatch Talk at Virus Bulletin 2016, on Fortinet's blog, Oct 14, 2016

Risks or not behing Pokémon GO, on Fortinet's blog, August 11, 2016

Pokémon GO Plus review through reverse engineering, on Fortinet's blog, August 11, 2016

Android adware trying to deceive the analyst, on Fortinet's blog, May 20, 2016

Your Gossip Is Public, on Fortinet's blog, April 22, 2016

WhatsApp vs Telegram, on Fortinet's blog, April 15, 2016

Insomni'hack 2016, on Fortinet's blog, March 25, 2016

Bad Mirror: New Android Malware family spotted by SherlockDroid, on Fortinet's blog, March 7, 2016

2015:

Hacktivity 2015 on Fortinet's blog October 14, 2015
CryptoGirl on StageFright: A Detailed Explanation on Fortinet's blog August 25, 2015
StageFright, Telegram Stage-Left & WhatsApp Stage-Right on Fortinet's blog August 14, 2015
Locker, an Android ransomware full of surprises on Fortinet's blogAugust 11, 2015
Want Everybody to Know You're Flirting? This App is For You! on Fortinet's blog July 25, 2015
Insurance Fraud via Internet of Thingson Fortinet's blogJuly 9, 2015
Nuit du Hack 2k15 on Fortinet's blog June 25, 2015
Hack in Paris 2015 on Fortinet's blog June 24, 2015
Android Security Report in Far Less Than 44 Pages on Fortinet's blog April 17, 2015
InsomniDroid Part 2: Write Up on Fortinet's blog April 4, 2015
Insomni'Hack iOS challenges on Fortinet's blog March 26, 2015
Insomni'hack CTF write up on Fortinet's blog March 25, 2015
Insomni'hack 2015 on Fortinet's blog March 23, 2015
Investigating on PawnStorm for iPhone on Fortinet's blog February 13, 2015
Aggressive Riskware Installation on Amazon Kindle (and Android)on Fortinet's blog January 12, 2015

2014:

Inside Hack.Lu 2014, on Fortinet's blog November 10, 2014
Android Emmental, Adding Cheese in Emmental Holes, on Fortinet's blog October 30, 2014
Inside BlackHat Europe 2014, on Fortinet's blog October 29, 2014
0wning Emmental, on Fortinet's blog October 20, 2014
Android Packers Talk at Hacktivity, on Fortinet's blog October 9, 2014
My Day Unbricking a Friend's Phone, on Fortinet's blog September 17, 2014
Want everybody to know you're flirting? this app is for you!, on Fortinet's blog July 25, 2014
Clean for the phone, but not clean in the code, on Fortinet's blog July 7, 2014
iOS Malware Does Exist on Fortinet's blog, June 9, 2014
AngeCryption at Insomni'Hack on Fortinet's blog, March 31, 2014
Mobile Advertisement Serving Fake Anti-Virus and App Over Billing on Spanish newspaper on Fortinet's blog, March 14, 2014
New Drive By Download Android Malware on Fortinet's blog, February 17, 2014
Malware or Spam Campaign on Internet of Things on Fortinet's blog, January 27, 2014

2013:

Sophisticated DEX obfuscation or Proguard configuration issue? on Fortinet's blog, December 16, 2013
RATP Android Application Privacy: Status on Fortinet's blog, December 2, 2013
Alligator at GreHack on Fortinet's blog, November 14, 2013
Hack.lu Capture The Flag (CTF) - RoboAuth on Fortinet's blog, October 29, 2013
Hacktivity 2013: Keynotes on Fortinet's blog, October 17, 2013
VB 2013 - Day 3 on Fortinet's blog, October 14, 2013
VB 2013 - Day 2 on Fortinet's blog, October 11, 2013
VB 2013 - Day 1 on Fortinet's blog, October 10, 2013
iPhone 5S: Inside the Secure Enclave on Fortinet's blog, September 16, 2013
NSA's (and GCHQ) Decryption Capabilities: Truth and Lies on Fortinet's blog, September 6, 2013
Alligator detects GPS leaking adware on Fortinet's blog, August 2, 2013
Mobile Malware Gets in the Top 10 Viruses on Fortinet's blog, July 29, 2013
Millions of SIM cards vulnerable to remote compromise on Fortinet's blog, July 24, 2013
Don't Send Your SMS Scam to an AntiVirus Analyst on Fortinet's blog, July 17, 2013
I am Datarmined to secure my Facebook posts on Fortinet's blog, July 8, 2013
An Anti-Virus Analyst's Day (or Hour) into Firefox OS on Fortinet's blog, June 20, 2013
NSA Has Large Disks on Fortinet's blog, June 10, 2013
11M for a simple conference program application on Fortinet's blog, May 27, 2013
1,000 malicious Android samples per day on Fortinet's blog, May 13, 2013
Finding Similarities and Differences at DEX level on Fortinet's blog, May 6, 2013

2012:

EuroGrabber is Zitmo on FortiGuard's blog, December 7, 2012
Hashdays Android Challenge: the Solution on FortiGuard's blog, November 23, 2012
Hashdays Arduino Badge on FortiGuard's blog, November 9, 2012
Hashdays 2012 wrap-up on FortiGuard's blog, November 7, 2012
Advanced Tools for Android Reverse Engineering on FortiGuard's blog, November 5, 2012
Hashdays Android Challenge: Win a FortiGate on FortiGuard's blog, October 29, 2012
Hashdays challenge by Fortinet to begin on Oct 29, 2012, on FortiGuard's blog, October 23, 2012
Android/Fakemart's end: authors has been identified on FortiGuard's blog, October 19th, 2012
Android malware distributed by malicious SMS in France on FortiGuard's blog, September 21st, 2012.
Making money out of Android/Fakemart on FortiGuard's blog, September 3, 2012.
Dalvik Executable (DEX) Embedded in another DEX! on FortiGuard's blog, August 23, 2012.
Android byte-code obfuscation challenge on FortiGuard's blog, July 30th, 2012.
Controlling Android/Zitmo by SMS commands on FortiGuard's blog, July 21st, 2012
StarCraft culture to understand Android on FortiGuard's blog, June 19th, 2012
Tracking Android/Foncy - on FortiGuard's blog, June 6th, 2012.
Back from EICAR 2012 - on FortiGuard's blog, May 25th, 2012.
DroidKungFu is getting smarter (hopefully, so am I) - on FortiGuard's blog, May 11th, 2012.
Mobile Botnets: We Had Told You So - on FortiGuard's blog, April 20th, 2012.

2011:

Analyzing CarrierIQ's defense - on Fortinet's blog, December 20th, 2011.
Android/Foncy emanating and propagating in France on Fortinet's blog, December 15, 2011.
CarrierIQ on Android - FAQon Fortinet's blog, December 13, 2011.
Levitator: Root on your Android phoneon Fortinet's blog, November 25th, 2011.
OpenBTS for Mobile Malware Analysis - on Fortinet's blog, November 17th, 2011.
Symbian malware uses a 91-byte XOR key on Fortinet's blog, November 8th, 2011.
Clarifying Android/DroidKungFu variants on Fortinet's blog, October 26th, 2011.
VB 2011 talks, part 3 and end on Fortinet's blog, October 25th, 2011.
VB 2011 talks, part 2 - on Fortinet's blog, October 18th, 2011.
VB 2011 talks, part 1 - on Fortinet's blog, October 12th, 2011.
QR code and mobile malware: it happened! - on Fortinet's blog, October 3rd, 2011.
Spitmo gets on Android: mini-FAQ - on Fortinet's blog, September 16th, 2011.
Android/Zitmo: an Update - on Fortinet's blog, July 18, 2011.
Zitmo hits Android - on Fortinet's blog, July 8, 2011.
Android/CruseWin carries a malicious kill switch - on Fortinet's blog, July 4, 2011.
Android/DroidKungFu: attacking from a mobile device? - on Fortinet's blog, June 16, 2011.
Android/DroidKungFu uses AES encryption - on Fortinet's blog, June 9, 2011.
Android/Smspacem under the microscope - on Fortinet's blog, May 30, 2011.
Airpush... pushes the envelope - on Fortinet's blog, May 17, 2011.
iPhone Tracking - on Fortinet's blog, April 21, 2011.
Mobile Malware Statistics - on Fortinet's blog, March 28, 2011.
How Android/Fake10086 selectively blocks SMS - step by step - on Fortinet's blog, March 10, 2011.
Android/DroidDream uses two vulnerabilities - on Fortinet's blog, March 3, 2011.
Hacking Mobile Phone Statistics - on Fortinet's blog, March 1, 2011.
What's new in Zitmo.B? - on Fortinet's blog, February 23, 2011.
ShmooCon 2011 Debriefing - on Fortinet's blog, February 9, 2011.
Mobile phishing related to Yxes - on Fortinet's blog, January 12, 2011.

2010:

Hidden feature in Android spyware - on Fortinet's blog, November 12, 2010.
Symbian malware and Internet Access Points - on Fortinet's blog, November 4, 2010.
Zitmo Follow Up: From Spyware to Malware - on Fortinet's blog, September 28, 2010.
Zeus In The Mobile (Zitmo): Online Banking's Two Factor Authentication Defeated - on Fortinet's blog, September 27, 2010
You can't judge a book by its cover - on Fortinet's blog, September 7, 2010.
iPhone 4 / iPad: the Keys Out of Prison - on Fortinet's blog, August 5, 2010.
Mobile Malware Sends WAP Push SMS - on Fortinet's blog, August 3, 2010.
Symbian Signed Mobile Malware: One Gang? - on Fortinet's blog, July 29, 2010.
SymbOS/Album One Step Closer To Mobile Botnets - on Fortinet's blog, July 15, 2010.
SymbOS/Album Follows the Path of SymbOS/Yxes - on Fortinet's blog, July 8, 2010.
How to send an SMS - the geeky way - on Fortinet's blog, June 7, 2010.
EICAR 2010: Presentation Round-Up - on Fortinet's blog, June 4, 2010.
Airport flight schedule crash (unharmful) - on Fortinet's blog, May 25, 2010.
WinCE/Terdial or impunity for dialers - on Fortinet's blog, May 17, 2010.
No, the iPad is NOT hacked - on Fortinet's blog, May 3, 2010.
Reversing the Symbian Enoriv malware - on Fortinet's blog, April 13th 2010.
SymbOS/Yxes goes version 2 - on Fortinet's blog, March 4th 2010.
10 Predictions for Mobile Malware in 2010 - on Fortinet's blog, January 28th 2010.
Malicious Transfer of IM3 funds: the Return - on Fortinet's blog, January 26th 2010.

2009 and before:

Duh's not malicious, dude! - on Fortinet's blog, December 10th 2009.
Securing your jailbroken iPhone - on Fortinet's blog, December 2nd 2009.
John Doe's Credentials - on Fortinet's blog, November 16th 2009.
Targeted Spam: an Unfair Blow to Security - on Fortinet's blog, November 5th 2009.
When Your Phone Becomes Your Worst Enemy - on Fortinet's blog, October 27th 2009.
Keep your phone healthy: H1N1 vs. SymbOS/Yxes - on Fortinet's blog, October 13th 2009.
Transmitter.C is not Yxes.E - on Fortinet's blog, August 26th 2009.
Symbian Certificates or How SymbOS/Yxes got Signed - on Fortinet's blog, August 4th 2009.
SymbOS/Yxes or downloading customized content - on Fortinet's blog, July 21st 2009.
Detecting spyware for iPhones - on Fortinet's blog, July 16th 2009.
'Friendly' spam: A trick for managing unwanted emails from family, friends - on Fortinet's blog, June 25 2009.
June 9th, 2009, Trash CRC32
April 21, 2009, 2D Codes: Lowering the "bar" for mobile threats ?
April 13, 2009, Attacking stamps for fun and profit ?
March 9, 2009, Flocker virus writer's name found via Google? Or privacy issue?
February 23, 2009, A cryptographer's eye on antivirus analysis

Challenges

I am the lead organizer of Ph0wn CTF, a CTF dedicated to smart devices. This CTF took place in Sophia Antipolis (France) on November 29, 2017. 2018 edition will take place on December 14, 2018.

I designed a few crackme if you feel like trying:

Hashdays 2012 Android Challenge: [APK] [blog post 1 and blog post 2] [Solution]
Insomni'hack 2012 CTF: [APK] [Solution]
Basic Firefox OS CrackMe

I am in the pic0wn CTF team. This is a very small team, but it's fun :)

Insomni'hack CTF 2017: 56 :(
Vulnerability identified at the IoT Village competition in DefCamp 2016 (to my knowledge, only 3 were identified by all competitors)
Hack.lu CTF 2015: 83 (6th local team)
SSTIC 2015: 3rd in 0-Rulez and our solution was mentioned as the most original ;)
Insomni'hack CTF 2015: 30
Hack.lu CTF 2014: 161 (5th 'local' team)
Hack.lu CTF 2013: 97 (6th 'local' team)
... a long time ago (2003) challenge SecuriTech: 42

Podcasts

Sécurité des objets connectés sur NoLimitSecu, October 30, 2016. In French.

Memberships

I was member of the Program Committee for:

Nullcon 2018
GreHack 2016 - 2018
Virus Bulletin conference 2016 - 2018 reviewer
Virus Bulletin Advisory Board since 2018
WiSec 2014 posters
the Security Topic at LSM 2005. [Slides]
IEEE ClusterSec'06 Workshop

Android Security Acknowledgements in 2014.

Patents

I'm the inventor (or co-inventor) of those patents:

2001 Data integrity check method using cumulative hash function [10/034706]
2001 Upgradeable time stamp mechanism [10/027341]
2001 Virtual worm method and system [10/034,055]
2001 Method and system for providing a secure time reference in a worm [10/034709]
2002 Method and system for timestamped virtual worm in a SAN [10/202,067]
2002 Secure E-mail Timestamping [10/184477]
2003 Method and computer system operated software application for digital signature [10/740484]
2005 Method and system for managing electronic data content [WO2007074232]
2005 Procédé et système d'analyse de page [FR2895817]
2005 Method for creating a secure counter on an on-board computer system comprising a chip card [WO2007080289]
2005 Method for authenticating applications of a computer system [WO2007077362]
2006 Système et procédé de sécurisation de données [WO/2008/037895]
2006 Systèmes electroniques sécurisés, procédés de sécurisation et utilisations de tels systèmes [WO2008096076]
2008 Procédé de vérification de l'intégralité d'une mémoire EEPROM [FR2933791]
2016 Augmented reality visualization device for network security [US20180077200A1]

Public key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQELBEIJLssBCADqAloR2Ad88AiN9K/lqu3Vbs4sWTg9OctRejFmhfr3igbm1IID
QEZ14iKQ7sis7hurxYTURzxI1gKHpE85C231SZTMfWsu210YWtsg4OAlGPcHluYP
aBrBPreipr2Zan+VBTbOJ9+j1RVIyfAM5kfNuFlTrTHbksLirphZZllnEhm2Bk6E
wDQQbVs1f5oQa7Jt6gd01+MWx2fWe4Ramf1SFfrUcq4SBCgod6Js5PxW+qG9iGNC
1j/3yyGqCiZia6KYKuBD1vVwodUmmLLNSK4Rddcm/7yM7HcMbqYLWWDF8g/hjVEG
n7+/J8tHxEUCbdNKV7H/a7I4QmFZTKCCvGv1AAYptD9BeGVsbGUgQXB2cmlsbGUg
KFBlcnNvbmFsIEdudVBHIGtleSkgPGF4ZWxsZV9hcHZyaWxsZUB5YWhvby5mcj6J
ATEEEwECABsFAkIJLssGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQYo6iZgEZdl6x
CwgAg65NLMcMmme7790AsEB89U7JuRw3uXrcG0Idp2+XflQRGF+wa9+NYi8M0B6v
dlINMRghMZ+BpYA81Dh9G8EamYd6aZifXN4uFyoHBMOYpz2TBQE94pMTJNDW2u+V
HaKPgiJhbd4s4oQqO0y/lpqdmDkS2ewNI4NYteL6+00ZTY+4bJeGHDVbhzlLLkni
DPuMocxIclfXUPMChiSu+RFXN1bQygnOkezozU0wvGdks08m1KDUOGYO7+dxDdNq
qYICjhbX+i2jEobiV8CuKVnTMj6MBHLp7rt2ikV55COQiRpDW+hmqc/6bKk8Cp9y
n+L+yQ9+0bxnkBoY3UqwgwsEcIkBHAQTAQIABgUCQgoZqQAKCRBO3R1vynOXk8M6
B/0bs5xIrv9kSrzl873MVMYkGfgxlzd3prCk3X09SJ98G//f46O+aQYOhqpqYKgb
7rup6vb3qHfnXEeR1mmgOjYNO9Q+Z4cRhBIoo0HnNl0HhLMO0ZHC33CTw5pzRsJS
I7ZLTnvlUZ+gjuUDjubEnUvTUrtUorX5tUMb4VCV5OyOto7Zb5NsflF4m+8cseo3
BCaNYsr7QG+QqOkvp2aZfmzXwJhgF2FTm2vdyDtdzg/+y7x3S+zL8fYzd1jMc99Z
zcTwQOTJVRgRmDbv/lF2wMbcp9UKEbIfUgpJJGUmvAzZIVA0EWl9rWFQqjng38p6
g+wdjpl9a+ZqRWQVtcw92Tqn0cvUy9IBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpG
SUYAAQEBAEcARwAA/+EAFkV4aWYAAE1NACoAAAAIAAAAAAAA/9sAQwAFAwQEBAMF
BAQEBQUFBgcMCAcHBwcPCwsJDBEPEhIRDxERExYcFxMUGhURERghGBodHR8fHxMX
IiQiHiQcHh8e/9sAQwEFBQUHBgcOCAgOHhQRFB4eHh4eHh4eHh4eHh4eHh4eHh4e
Hh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e/8AAEQgAjwBvAwEiAAIRAQMR
Af/EABwAAAEFAQEBAAAAAAAAAAAAAAMCBAUGBwABCP/EADoQAAIABQIDBAcGBgMB
AAAAAAIDAAQFEiITMgEGQiNSYnIHERQzgpKiFSEkMcLwQWNxc9LyNENhsv/EABoB
AAIDAQEAAAAAAAAAAAAAAAACAwQFAQb/xAAoEQACAgEDAwQBBQAAAAAAAAAAAgMS
BBMiUhQjMgEFEUJiMTNBYfD/2gAMAwEAAhEDEQA/AExxFcu2Eky0vixjsrroYUUO
XTuhXdxgeW6DKK4tsBwTaXwxxY29MEtxy2wol3FdaUB0GK/FCrSxGCCNowol247r
oDgG0h6cfF1RxCV2OMEasS3DcUDyygATbaP+UdkPmhVuXdjiG4tsAAbRtES2xxCV
vigxB4YS0DLZb6+qABrcLCIrYII94oGF27q7sEG0ihTpxWr2ljDf2q52mOowv5Y3
Q4aVwkVuIjHDcpy2LWSRcsWabNw49UZ+blyQrtBl7dgiGiRWkVrO6UPFDd/lDN6l
tESLFm4SGFC2YWVuiLLeocYhxvdo5F7m1iFZOQ6xJm7KOtGG4vmBL/j/AFRwtcWJ
S/1Ra6/H5DWUcW/6wMjSv3kwhZd3UygZLmH4jiJdMEbLLUkR0xuinJ7rGrVjFaTi
DE9UuzcJeUoII+WFIYsiYtZCWiWmWPVbd+qFWl826NaBrLYmbaJaI3bsu7CbRt+/
b0wTSISIrvqgZ3ceBDd1RIcI8SJg44wZQ5QESIh3dXVBB95uhTobG7L6oG8ZgmCT
MliNowZREQw+0hIRHpjH92krGu0VmatRiJLLcy3p2wZTZe63Uh0MssiErcocKlk2
jcPzR5/tsQDHVl7veDChZLkWLlxJFIy57tOBlSJcu78sGnHyE3DUSSP/AGDAZpgs
HErih82iy/SQw1bRcsWMHylDRRxq1rBb8RIjcIlHEOVpEMD+z5xXu5gi/uZQNTJp
TLWJu8Qx6aDPhrX9CZZFYMQ3DChG3Hp8scNpLhRCQjjjGgSkOgbh7sGERIdsBQJL
tuyh0OTOkoDrChxX0lExSpEppPZsESHvdUQ4423DE9y00riIchu3RR9xVWj3FiCN
WbcOCpVQEbhSt3lK2EjLTi91PZ8OUWqWO8Ryu+GHFvVpjb5YwWxI2+pI2JGUki0/
eS7xL+2UKF6brbiEvLF0JQkO2G75WXZuWsi8QwvRKL0S8iqi1cKFq9uMWApSXXd+
HX8ow3eqmkWUqsYj6ReQdFxYh9Ue8MBe2XESIu0YOQiMShDJhkmVX8UNZ7RFJYrW
RCUdixVtUOgqtmYr4iQry3FcVowQOPqH1ld98cJXRx3EWQ4x7GJarUqkOgsR7pfT
DoRtx/1gcsN1o7rRicGisZSZeeSwi1XaZLt2/u2GVQIcR823uw6p72SjiIfdluGO
nECp2nut/wDrq+q6G5ERdWMQyxrItWJI2ZWspfKLUJd68WEReGJi5dvvPmGMlbV5
ORymJxCSEsbmRoXJM8mtU/Ul54XMErSG6MuTHaPxLitYlryG3tIG1veg05LMlUk6
YHTFe4iIYCiRKbG5YkQljcNsV2WRfqTLXkNXvWVwxHvt3WldDzmOlOptPZOMmEWr
yISK0oqv2my20mDAuJK31JNaJSa1UrWRF0xB1CZJriK7GBvaxvvCx80D27bY0MLC
02sxRycnU2qex40rer5o7qESjj3RqlIj5Zmkxbkl2iyEhi/UyeT9jsWlYpYwtRiW
D7siyx8MRPKdFXo+2TBCwSxFfdit88U2vNqEnMUlb5payFbvEIjcXd8Xyx1o2WM5
+41VGfP/ADjTae4peTX7VOF7zujbtuLvRnczWuYK07RW4lrItqezEfijbJblCkql
WM+z1+0OXuYvIWEOWUZ7VeWagK5quUcWex3EQpYOLhHEiHuxTkWRlsppYzRr5ELS
qVLyfbOtmHd4umNQ9C04sK0ynutJcykht8Q5D+qM7pE2moJuXaLB3L7pRYOU5sqf
zNIzA3dm4cfijNWTubjRkjtG3oXj081N1P5JZT8nLm+zWJFkNuX6YnvQ7IzVM9H9
NWUwt2usWDbkQ3DGU+m6vlU+cmSosFknIYrEdpF1FGoUWvJpnopk6lLsXqaIrSP8
zb9OXyxoMy1MqrbVX7Ff9MFaGcmioa8loL8QXeLu/DGXkielHCylzTE27hJlw/LE
lMtY1zHMYTGEVxMLcRQxnpxMjKlMOIRt/dsZupI0nybGlGsdQiOcZiRmNGqS4kJF
kSxtKLlLTKZtK3JK5bBuEoweZnnTk4xznEWoW7uxono0qTCIpNzLls2+aNKKRl2s
Zc8CstlL59PihN1xbo4cYVaQj0xdM4TJ1WepjJeYYn8GghK0cRIvFFo5Xq5VOkjN
SorJjGZWlday7KI/mNHt1BXSZPTJj1iu5xWkK9xfLFNbTKx6O6SuXk3e0C+aWxjC
6RG7GOtZbcTq1ZeLFw5lmnK5iX7Ol8wy21yUuxISK3b0wmZ5vkZmkzFNkZOZTOEk
kpQ5e0i6fLuhv6Pp6nqlZyYc4VzhMu1GbRG7HL4omH0Zb64mqahS5CWIiI2kNt11
3mgT5ZbKLG3p9vQwvmOi1DlCtJc7IXDczTG0S8sTgsv03JLxCUPPTJWibUJOkz0q
sRUWoTrd3TaPhERiHU3sxt+mMfNVVk2noMRmaPcV2ptYbGE4iJmpkUWqi1qabynJ
0lxfh5ZzGJ+L9lFXq6i+1CER96V1vmGJaW7CXFIliMLM3bryFx4u4zcR4+ZWhetM
MEVjkMUevVNlRmssUr2jD7mOsJ0ylbbiIvliv3FdcUNjQ1WzEkjWaoQcR7sT3LU4
yWmlsErSEror926JClF+IEosN4h/BuUi32mVW7vDBhLK0hhrQyupsuRYiSxxKHnF
YjwHq/8AIuKeffyKHVeap6TryUy9sxOLXqLFmQ3F+rqh9V+b6lzHI6cxLlJsW7U6
iEum2K3ydIjV/SVMLmiIloXku63HHGNeqfL9FVRWS8qS12pItQulhW7vFiULVmXy
GlatVUqPLjVqqkq53aS+oLC+WNKnK5S1yZTUxMCvTXqFa63vW/FiWPljIxIUOXJp
cTNMhuYwbdQYrvN9cl2iUqlbRXcWpawrWFFXFdo1Zf7Dc0irUiefaqNX5onJxbGM
WTLVkwsrYectTxNX7K4u0EcfEMVloCIwqnk5cwtyS7QWbYWddRTeiqql2nkCc8uY
LpXbbEHzDVdC5KbdTvd2E1esaSySkrmENpM7sVu64tRmV3iivHDbcwNJXaoSWlpi
enFpl1lMTDitER6oNPSrqfOOlZgRFyStIbosnLnOzqOlcvT6PTVksbdYk3MZ5iiH
5lqDKq5k85Ircz3lvVFyxCtiNUVw+GJKlW62URcmJEsvNEtSvfCMEniTRmzcudpR
ZO673I7okBxKI/lzKiytpbViMSVnr++78vDFpfEwZPJjK+R6mNP9JU4JFcyZtWtZ
MFYkXiLuxtD1TX2W5zk/jCK3TTaQiRbSy7t1sfM3NhMRWVPSXHhxMR9XHhx2kMWL
k7neoHWZDhUpwilhcN58OHHiXAdv+MR6lVLGnqMpo9ck0oqEnJilkxMEy5jCLIh6
rYunMfK9LqFFYPs6iWxOI7f2UMJiVRVqhJzirkOle0WX3ROzdQBMpwB9xceH58eP
Dhx9UUbbfyJIkkWRrf70Plmqr9mnnS5blsJfywxKZJVwrxIolqyhj6zNt4F6+BuI
uHHj/HKGU1TWCREHHhaJfw+6LCKXGk+owIiIso4IcKpjVERMbcP9IdS9PM/zIeES
iqw1llkJXQqeK5IjEomQMAHjxL1cNvq4R6UhqXCXru/rCDWUipNfYkUS1MUWtqdM
eJlOKRtDhw4xL0mV4sG6y3p/OFZbBqVUvVPnJiUptNGXl2OWy3WtHaNwj+qJKk1X
jOzLOPBZy6xSLVg0bWcLiISuH4R+aGt9SlpaURJrHiHFP38eNv3ZD+m6Az87XESn
ErE6nEw9XAePqx9R+v8ATFpfExZNzH//2YkBNAQTAQIAHgUCQgocGQIbDwYLCQgH
AwIDFQIDAxYCAQIeAQIXgAAKCRBijqJmARl2XsUKCACnsoy4/Y4walQ+qH4/Ults
o8VwwU81Tx7LNWlRU2yPSefxZkwUrQTeHIPMvAIPCq80MzPvIGxcJOEegX85EpyG
ksG0iclJodB0JIZLS0tdVfe2MUtqsUeQZDA4Zkg1UJRbNUReTqqRTpsFdwxpx1bv
i7SZ1d8Xahz3NhG87eNxVCH1qXkgeDxV57mhzFiOOf24Zblz27JUKv+j0QlbDOgI
SkmDgzqR5+GHbfc1VJf7EauDqBP8OkdpnqaQdtMW3RDYLJKN7oLYEkCboSC3qPgu
cKrihDL87IXJ/aKNY2hxVoIghuwBObXwdMStZleI0O9vmWNxbEuXRm0mS7SvfJfa
iQEcBBMBAgAGBQJCChzqAAoJEE7dHW/Kc5eTLxgH/A2oYBhevhN45L5uSmvWL9ax
HUKIETo3A3GTa5wCC5mntgQ3sv6eal1qhUJbgZ+itkN+Yk7V8Gfs0jtnMrOZ6jY3
OQSmv+g4RUpsqM9Vj0nhPv0QZ+ch2quj2p8N8NJZSVZHm7Hmg89q2714fWK67T3g
LLdgXgkJRA19R6G+FEeQqajcvH3G6j61hML/rH/4c2W91sjCuE800l0uMi7qJVRk
A2p/iQMtwHQiiWNi4Q4giPHad41FoC4HZzgUizo7YdW+pFDmCBR5YVoBDW3KJaXW
7sw0lVJz2CvHvZ5+w+8/4nMdEVohCoLVFArNjYWTkzLd/eXYyFajf/XhZOEiL060
K0F4ZWxsZSBBcHZyaWxsZSA8YXhlbGxlLmFwdnJpbGxlQGdtYWlsLmNvbT6JATYE
EwECACAFAkbqd5ACGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBijqJmARl2
XpA8B/oCLxx244LhGaUebu++XxsdJ3cQhUQupz9SyKzsX+Ggcu5/HsrcaRg6Iv+Y
fi0LTLTqKuP8mFqFI4q8hPHByQEhKUBpuLfz9NAEpv9LijkBn8Dvqr2TzTOivOhP
bhslWTp1inJ5N5B1HHn8N0yWKqTCFySPYRvDwdHFLW6igT4eN9OcuQfDWJpL9+4Z
uYQJGWzTevo5Avt0uj7ZvqFr8RZPsSE+912Yd1ctZkzHmcwrENr7hEGC0OGijd5m
RO3tvV99wWKY7qEEYNzXDlucPWQcaUPOPch5uYb6JVbet0E59eA7f244CnLws1iQ
xxE87E93VYbvzG3kPEPIhKYB0bXMtClBeGVsbGUgQXB2cmlsbGUgPGF4ZWxsZUBw
cml2YXRkZW1haWwubmV0PokBOAQTAQIAIgUCUjyw3gIbDwYLCQgHAwIGFQgCCQoL
BBYCAwECHgECF4AACgkQYo6iZgEZdl6IVAf/YicmzU9udI4RWepbjMnx+D9yPbAP
UBUlY6JGy9yLw8/OJPW7DComUy/qoD0hzd3zpWlyW2Jit3WwUowj99OSuicLEEp9
52yDbmFgt0+NoHowlbQJ+7jDgzr6wiJY1V3eoCTCblI2MpiucsrLs/opwCDegnsz
gTJf3MohrCy4PUki0tWhcL2jWG11nuIppUQ6w+hHZEzxwhvBHzAKVv2Mxm8eBDGK
+mzUmIoDof5wWZ5WLNFcp/t266HE4yvgYFFCaPkDO1WRB/lOb/vAWZGMf2YN0qKU
BAnjInoHzdCCfneJkZzRkLHokJAk5WNXw2rx84E2LLZ9U5TuHZzXTSvZW7QeQXhl
bGxlIEFwdnJpbGxlIDxhYXB2QGdteC5jb20+iQE4BBMBAgAiBQJSjO2PAhsPBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBijqJmARl2XvuHB/9nRU6pC3wx9yaX
iNc2kQ8P8cZBXDmQ9xpuy0fHzzBkLr2xVOD7i0IOdU+mjuNpBqZC8qUQlHN1xt7g
c03mDK2FXO98/FJZOe6rHGClJvR93OAqwyWJf7q30vw5hO/wjeVOkA+3q95La/Ly
ituLsiRhVW/ZapkqLuWhPFqCFgySNhrXrEa4AqJ+FkljclwOnjHuama/ho/eGL9s
4Uzzqb+yuuopuK1J0o78CCDbWgY9YreTPATUuC3YCDTtIpRtH9VP80Tnm/kEcel+
tYcGwsp2tmOROgG8GgLOcEa7BVF/ehD+aV6FiJDB9yPWyLT/l+a1+bHt8YfyUsLy
EYl6Ek1h
=HAlk
-----END PGP PUBLIC KEY BLOCK-----