Security Day 2017

I gave a talk last Thursday in Lille at the conference Security Day 2017. It was organized by students of the Lille 1 University and around 40 people were attending.

My slides are available on the website of my current company, Synacktiv. These slides are slightly stripped since I was also presenting examples of low-hanging vulnerabilities that could be found in real and popular plugins using basic tools like grep and a pinch of magic regexes. Several of them were leading to RCE, so I’m waiting for responses from the plugin maintainers concerned before releasing them fully. RIPS would be a nicer solution but it’s way too expensive for this use case. They scanned more than 44 705 plugins but the result is still not public.

Dimitri Fourny, from Quarkslab, also published the slides of his talk about ways to cheat in video games like CS:GO.

Nothing to do with it, but the conference organizers also created a challenge (with a “reward” for the first solver of each level), which is available at http://security.fil.cool. You should give it a try :-)

The first two can be easily solved by using the right tools, while the third one is a classic CTF challenge: you know a DSA public key and you can sign as many messages as you want using the private one (but you don’t control what’s being signed).