FR EN

About this blog

Hey there, this is FrizN, yet another (French) security enthusiast.

I have worked in a variety of security roles in France, Switzerland and Australia, and used to be a tech lead in Google's red team. I am interested in all things security and CS-related but my heart lies with native stuff, namely reversing and exploitation. I also like to follow modern malware trends and TTPs, as "offensive" tooling has been and continues to be a significant part of my work.

As you may see from the articles on this blog, I played CTFs with 0daysober, including for 3 Defcon finals. I rarely get spare weekends nowadays sadly, hence the lack of fresh content. Anyway, this so-called blog is just a little place for me to put articles about CTF challenges and other stuff I might happen to find cool or interesting.

I'll also shamelessly use this page to do a smallish inventory of what I have published and generally not blogged about. Nothing groundbreaking, but always happy to chat about any of this :)

  • CVE-2018-19647: unauth root RCE in BMC Remedy Action Request System
  • CVE-2018-7264: more RCEs akin to ZDI-16-354 in ActivePDF (all fixed this time)
  • Cloud age: where local vulnerabilies go remote: talk at the 1st Unrestcon (Melbourne, 2016) on the discovery and exploitation of ZDI-16-354 (and how it could have been patched)
  • CVE-2016-4322: unauth remote privileged recursive directory copy in BMC Server Automation
  • ZDI-16-354: ActivePDF RCE 0-day, file format vuln with odd exploit pathways, fixed ~a year and a half after public disclosure
  • CVE-2016-0411: LPE in Oracle Enterprise Management agent

I hope you find something worth reading!