Nday Manager : Gaurav Baruah - 0day Manager : Peter Vreugdenhil
- Working on 0day/Nday Vulnerabilities and Software Exploitation, Root Cause Analysis, Fuzzing, Vulnerability Reversing, Exploit Development, Code Coverage, Symbolic Execution, Taint Analysis, Patch Diffing, Attack Surface, Shellcode/Encoder Writing.
- Focus on Windows kernel, Windows Document Readers (Microsoft Office, Adobe Reader), iOS mobile applications.
- Memory Corruption bug classes: Stack/Heap based Buffer Overflow, Out of Bounds Read/Write, Int Overflow, Use After Free, Double Free; and Web bug classes: SQL injection, command injection, and others.
- I have worked here with well-known guys in the security research field, such as Pedram Amini, Jasiel Spelman, Gaurav Baruah, Peter Vreugdenhil, Joshua J. Drake and other Pwn2Own winners and writers of security research books such as the Hacker's Handbook collection.
- I started in the Nday team, where I spent a long time, and I was promoted to the 0day team.
Independent Pentester - Nday Vulnerability Researcher – Exploit Developer
Writing In-Memory Fuzzers for PDF Readers/Browsers/Kernel/VMware in Python for Windows/iOS/Android
Developing Python tools using Symbolic Execution, Taint Analysis, Code Coverage, Corpus Distillation and Crash Triage
Regular use of IDA Pro (x86/x64/ARM) for reversing, WinDbg, gdb, BinDiff, angr, Triton, pydbg, pykd, AFL, WinAFL and Sulley
Read all documents, conferences and books about fuzzing, mitigation bypass, browser/kernel/virtualization exploitation
Know how to exploit Memory Corruption Vulnerabilities like Use After Free/Double Free, Int/Stack/Heap Overflow, Format String,
Know all Web Vulnerabilities like SQLi, XSS, CSRF, LFI/RFI and others.
Know how to use techniques like Heap Spray, ROP, and ASLR bypass with a write primitive and a BSTR or ArrayBuffer object
Growing up in Windows/iOS/Android Kernel Internals and PDF Readers/Media Readers and Browser Internals.
Love practicing Binary Diffing to create exploits for known CVEs in Adobe Reader, VMware or Firefox and Edge.
Windows Kernel Exploitation and DriverEntry reversing to find IOCTL codes and try to reach vulnerable paths.
Pentest Team Leader / Manager
All types of Pentest (Internal, External, VoIP, Wireless, Web, Active Directory, iOS/Android Smartphones)
Development of offensive security tools in Python/C++
Writing of internal methodologies for the majority of the Pentest missions
Technical interviews of candidates for the Pentest Team
Digital Forensics and Incident Response (CERT)
Pentest Team Leader / Manager
Manager : Michael Bittan
All types of Pentest (Internal, External, VoIP, Wireless, Web, Active Directory, iOS/Android Smartphones)
Development of offensive security tools in Python/C++
Writing of internal methodologies for the majority of the Pentest missions
Mission workload estimation for the sales team / assistance in developing the Pentest offering
Digital Forensics and Incident Response (CERT) and Physical Penetration Tests
Pentester
Manager : Mathieu Renard
Internal Penetration Tests (AD Windows, Domain Attacks)
Wireless Penetration Tests (RADIUS, Client-Side Attacks, WPA2, etc.)
VoIP Penetration Tests (Cisco, Alcatel, AASTRA)
Penetration testing of web applications and smartphones (iOS, Android) / Anti-Forensics
External Penetration Testing, DMZ
Development of specific security tools in Python, C
Secure Code Auditing (C, C++, PHP, Java)
Simulation of PC theft and physical compromise, VPN certificate extraction
Reverse Engineering of Windows x86 malware and Physical Penetration Tests
Security Auditor
Technical analysis of Microsoft security products
Implementation of models showing how conventional attacks work and how to protect against them, and development of security tools
R&D Engineer
Development of exploits to test the functionality of the Grsecurity patch on Linux. Main task: attacking the Linux file system with and without the Grsecurity patch, and incorporating the exploits into a framework for easy porting to the Cavium architecture