About this blog

Hey there, this is FrizN, yet another (French) security enthusiast.

I have been an academic in France, a consultant in Australia and somehow ended up doing red teaming at Google Switzerland. I am interested in all things security and CS-related but my heart lies with native stuff, namely reversing and exploitation. I also like to follow malware trends and TTPs as I have been involved in quite a few "offensive security" projects over the years.

As you may see from the articles on this blog, I have been playing CTFs with 0daysober, including for 3 Defcon finals. I still do from time to time, but sadly rarely get spare weekends nowadays, hence the lack of fresh content. Anyway, this so-called blog is just a little place for me to put articles about CTF challenges and other stuff I might happen to find cool or interesting.

I'll also shamelessly use this page to do a smallish inventory of what I have published and generally not blogged about. Nothing groundbreaking, but always happy to chat about any of this :)

  • CVE-2018-19647: unauth root RCE in BMC Remedy Action Request System
  • CVE-2018-7264: more RCEs akin to ZDI-16-354 in ActivePDF (all fixed this time)
  • Cloud age: where local vulnerabilities go remote: talk at the 1st Unrestcon (Melbourne, 2016) on the discovery and exploitation of ZDI-16-354 (and how it could have been patched)
  • CVE-2016-4322: unauth remote privileged recursive directory copy in BMC Server Automation
  • ZDI-16-354: ActivePDF RCE 0-day, file format vuln with odd exploit pathways, fixed ~a year and a half after public disclosure
  • CVE-2016-0411: LPE in Oracle Enterprise Management agent

I hope you find something worth reading!