[+] | [-]

Hello World !

Welcome to the my net home, I used it just to have a summary of stuff on which I work (and have worked).


.:Tool to identify new host using the subjectAltName:.

Discover new host using the subjectAltName (Subject Alternate Name) extension of a x509 HTTP TLS certificate.

.:Android app to brute force SMB share access:.

Android v7+ application to perform a dictionary brute force attack against a host exposing SMB share(s).

.:BURP Extension to abuse "Host" header:.

BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.

.:Tool for WebSocket endpoint inspection:.

Interactive shell in order to probe/analyze a WebSocket endpoint.

.:CSRF in a secure way:.

Materialize CSRF prevention concepts described in the OWASP Cross Site Request Forgery cheatsheet.

.:WebSocket in a secure way:.

Materialize WebSocket prevention concepts described in the OWASP HTML5 cheatsheet.

.:JWT in a secure way:.

Provide tips to handle JSON Web Tokens (JWT) in a secure way.

.:Injection prevention:.

Provide tips to handle Injection into Java application code.

.:Detection of potential malicious files into file upload:.

Provide tips to protect an document upload application feature against "malicious" document submission.

.:Docker image for web application security scanning:.

Docker build file creating a image of a box containing web application security scanners.

.:OWASP Wiki Contribs:.

Articles created or for which i have contributed to:

.:OWASP SonarQube:.

Rules specification submited (rules are validated, waiting for implementation from SonarQube folks):


CVE/XLM that have found during my job for Excellium CSIRT (waiting publishing by the MITRE for some of them):


Others vulnerability that have found during my job for Excellium CSIRT:


Talks given to conferences:

.:IT Security Magazines articles:.

Article created for HAKIN9 and its associated magazines (in fact I have realized that using this channel, the information is not free then I have stopped writing article for magazine and made focus on free wiki like OWASP where information is freely available):