A propos du blog

Hey there, this is FrizN, yet another (french) security enthusiast.

I have been an academic in France, a consultant in Australia (where some part of me still is) and somehow ended up doing security engineering at Google Switzerland. I am interested in all things security and CS-related but my heart lies with native stuff, namely reversing and exploitation. I also like to follow malware trends and TTPs as I have been involved in quite a few "offensive security" projects over the years.

As you may see from the articles on this blog, I have been playing CTFs with 0daysober, including for a couple of Defcon finals. I still do from time to time, but sadly rarely get spare weekends nowadays, hence the lack of fresh content. Anyway, this so-called blog is just a little place for me to put articles about CTF challenges and other stuff I might happen to find cool or interesting.

I'll also shamelessly use this page to do a smallish inventory of what I have published and generally not blogged about. Nothing groundbreaking, but always happy to chat about any of this :)

  • Cloud age: where local vulnerabilies go remote: talk at the 1st Unrestcon (Melbourne, 2016) on the discovery and exploitation of ZDI-16-354 (and how it could have been patched)
  • CVE-2016-4322: Remote Privileged Directory Dump in BMC Server Automation
  • ZDI-16-354: ActivePDF RCE, file format vuln with odd exploit pathways
  • CVE-2016-0411: LPE in Oracle Enterprise Management agent

I hope you find something worth reading!