Hello World !
Welcome to the my net home, I used it just to have a summary of stuff on which I work (and have worked).
Projects
.:BURP Extension to create an audit trail log:.
BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
.:Tool to generate a dictionary for hidden content discovering:.
Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sites .
.:Tool to identify new host using the subjectAltName:.
Discover new host using the subjectAltName (Subject Alternate Name) extension of a x509 HTTP TLS certificate.
.:Android app to brute force SMB share access:.
Android v7+ application to perform a dictionary brute force attack against a host exposing SMB Windows shares, FTP server, SSH access.
.:BURP Extension to abuse "Host" header:.
BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.
.:Tool for WebSocket endpoint inspection:.
Interactive shell in order to probe/analyze a WebSocket endpoint.
.:Docker image for web application security scanning:.
Docker build file creating a image of a box containing web application security scanners.
.:OWASP Wiki Contribs:.
Articles created or for which i have contributed to:
- Proposal to build the list of Abuse Cases for a project.
- Proposal to handle any unexpected error at global level in app.
- Proposal to automate testing of authorization in a web application.
- Added sections about usage of Argon2 with Java and PHP to provides usage hints.
- Added sections about Tabnabbing and WebSocket implementation to provides hints on these areas.
- Tips to prevent Insecure Direct Object Reference vulnerability.
- Tips to handle Cross Site Request Forgery (CSRF/XSRF) vulnerability.
- Tips to handle JSON Web Tokens (JWT) in a secure way.
- Tips to handle Injection into Java application code.
- Protect a file upload feature against submission of file containing malicious code.
- Detect profiling phase into web application.
- W3C Content Security Policy specification: Set up in an web app.
- W3C Cross Origin Resource Sharing specification: Origin header scrutiny.
- W3C Cross Origin Resource Sharing specification: Request preflight process checking.
- Automated audit using W3AF.
- Automated audit using SQLMap.
- Automated audit using SKIPFISH.
- Automated audit using WAPITI.
- XPath code injection.
- Error page set up in Java Server Page.
- Error page set up in Java web application deployment descriptor.
- How to decompile Java code.
.:CVE/XLM:.
CVE/XLM that have found during my job for Excellium CSIRT (waiting publishing by the MITRE for some of them):
- CVE-2017-1331: Security issue affecting the product IBM Content Navigator.
- CVE-2017-1282: Security issue affecting the product IBM Content Navigator.
- XLM-2016-121: Security issue affecting the Drupal security module named SecKit.
- CVE-2016-1161: Security issue affecting the product Password Manager Pro (PMP).
- CVE-2016-1159: Security issue affecting the product Password Manager Pro (PMP).
- CVE-2015-5606: Security issue affecting the product VORDEL XML GATEWAY.
- CVE-2015-5462: Security issue affecting the product AXIOM.
- CVE-2015-5463: Security issue affecting the product AXIOM.
- CVE-2015-5384: Security issue affecting the product AXIOM.
.:OTHERS VULNS:.
Others vulnerability that have found during my job for Excellium CSIRT:
.:TALKS:.
Talks given to conferences:
- VOXXED DAYS Luxembourg 2016: Abusing web browsers for fun and profit.
- VOXXED DAYS Luxembourg 2018: Handle authorization security issues with testing automation.
.:SLIDES DECK:.
Collections of slides from several talks given.
.:IT Security Magazines articles:.
Article created for HAKIN9 and its associated magazines (in fact I have realized that using this channel, the information is not free then I have stopped writing article for magazine and made focus on free wiki like OWASP where information is freely available):