About
Ingénieur en sécurité des infrastructures et des réseaux
Experience
-
-
-
-
-
-
-
Education
-
-
-
-
-
-
-
Licenses & Certifications
Volunteer Experience
-
Administrateur serveurs
Club Info INSA Toulouse
- 3 years 2 months
Science and Technology
-
Responsable développement systèmes embarqués
Club Robot INSA Toulouse
- 2 years 1 month
Science and Technology
Languages
-
French
Native or bilingual proficiency
-
English
Full professional proficiency
-
Spanish
Limited working proficiency
-
Swedish
Elementary proficiency
Other similar profiles
Explore more posts
-
StratosAlly
𝐌𝐚𝐥𝐥𝐨𝐱 𝐒𝐭𝐫𝐢𝐤𝐞𝐬 𝐁𝐚𝐜𝐤: 𝐋𝐢𝐧𝐮𝐱 𝐍𝐨𝐰 𝐢𝐧 𝐈𝐭𝐬 𝐂𝐫𝐨𝐬𝐬𝐡𝐚𝐢𝐫𝐬 Linux users beware! The Mallox ransomware, once targeting only Windows, is now threatening Linux systems. Researchers at SentinelLabs have exposed the new Mallox Linux 1.0. Strengthen your defenses now! Check out the link to learn more about how to protect yourself. https://lnkd.in/gXZRx7Hj #Cybersecurity #Ransomware #Linux #cybernews #stayupdated #stayaware
-
CVE Find
[CVE-2024-21537: HIGH] Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function. https://lnkd.in/eppUhdhf
-
Automated News - Automator Solutions
🔒💼 Ready to play a fun game of Let's Hack Your Data ? Well, introduce LDAPNightmare, the latest hit on GitHub town! 🎉 🚨 **Breaking News Alert:** The ultimate proof-of-concept exploit CVE-2024-49113, a real showstopper also known as LDAPNightmare, is turning heads on GitHub. But wait, there's more! It's not your average PoC; it's a data heist party infecting users with info-stealing malware 🕵️, sashaying away with your sensitive data to an external FTP server. 🕵️♂️💨 🔥 **Implications?** Oh, just your everyday casual data breach scenario. But hey, who doesn't love some adrenaline rush in their cybersecurity routine, right? 😜 🔮 **Prediction Time:** Given this chaotic tech whirlwind we're riding, let's brace ourselves for a rollercoaster ride of exploits and vulnerabilities lurking around the corner. Hold onto your hats, folks! 🎢🎩 🧐 **My Take:** As the tech universe opens Pandora's box of vulnerabilities, let's stay a step ahead and fortify our cyber defenses. Time to strategize, innovate, and up our security game because in this wild tech jungle, it's survival of the cyber-fittest! 💻🔒 👩💻 Join the conversation, tech wizards! Share your thoughts, battle stories, and most innovative security tricks in the comments below! Let's crack the code together. 💬🛡️ #ainews #automatorsolutions #CyberSecurityFiesta #DataBreachDrama #InfoSecInsights #CyberSecurityAINews ----- Original Publish Date: 2025-01-11 09:01
-
StalkPhish
🎣 Phishing Kit ANTAI - Agence nationale de traitement automatisé des infractions deployed! 👉 As many, this kit exfiltrate stolen data into a Telegram Messenger channel. 🔬 By analyzing this kit (which is done automatically by StalkPhish.io), we can recover the exfiltration configuration cc: Cybermalveillance.gouv.fr ANTAI - Agence nationale de traitement automatisé des infractions -- 👉 Detected by StalkPhish.io - follow us and take a look at our website and data to increase your fraud/phishing/brand impersonation detection. #cybersecurity #fraud #phishingkit #yara #frenchtech
2 Comments -
API ThreatStats
🚨High Risk Vulnerability Alert! 🚨: CVE-2024-3435 A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by sending specially crafted JSON payloads. This could lead to remote code execution (RCE) by bypassing existing patches designed to mitigate such vulnerabilities. CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #lollms #parisneo #apisecurity #owasp https://lnkd.in/drxXWheK
-
Hacker Associate
🔓 𝐀𝐫𝐝𝐮𝐢𝐧𝐨 𝐍𝐚𝐧𝐨 [ Offensive IoT Hacking & Security ] Hacker Associate 𝑱𝑻𝑨𝑮𝑬𝑵𝑼𝑴: 🔧 𝐃𝐢𝐬𝐜𝐨𝐯𝐞𝐫 𝐡𝐨𝐰 𝐞𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 '𝐟𝐥𝐚𝐬𝐡𝐢𝐧𝐠' 𝐚𝐧𝐝 𝐝𝐞𝐛𝐮𝐠𝐠𝐢𝐧𝐠? #videoshorts 💻 𝐌𝐚𝐬𝐭𝐞𝐫 𝐒𝐞𝐫𝐢𝐚𝐥 𝐂𝐨𝐦𝐦𝐚𝐧𝐝𝐬 𝐟𝐨𝐫 𝐀𝐫𝐝𝐮𝐢𝐧𝐨 𝐍𝐚𝐧𝐨: 𝐒𝐢𝐦𝐩𝐥𝐞 𝐓𝐫𝐨𝐮𝐛𝐥𝐞𝐬𝐡𝐨𝐨𝐭𝐢𝐧𝐠 𝐓𝐢𝐩𝐬 🔧 𝐃𝐢𝐬𝐜𝐨𝐯𝐞𝐫 how effective '𝐟𝐥𝐚𝐬𝐡𝐢𝐧𝐠' and 𝐝𝐞𝐛𝐮𝐠𝐠𝐢𝐧𝐠 can transform your projects! 🤔 𝐅𝐫𝐮𝐬𝐭𝐫𝐚𝐭𝐞𝐝 by unresponsive Arduino projects? ⏰ Imagine cutting your 𝐭𝐫𝐨𝐮𝐛𝐥𝐞𝐬𝐡𝐨𝐨𝐭𝐢𝐧𝐠 𝐭𝐢𝐦𝐞 in half with simple serial commands! 🌐 Want to take it a step further? 𝐇𝐚𝐜𝐤𝐢𝐧𝐠 𝐰𝐢𝐭𝐡 𝐀𝐫𝐝𝐮𝐢𝐧𝐨 can open up a world of possibilities! 🚀 Whether you’re a beginner or an experienced maker, understanding these commands can save you valuable time and resources. 🔓 Let’s explore how to hack and enhance your projects using serial communication with the Arduino Nano! ✨ Discover how effective 'flashing' and debugging can transform your projects into innovative solutions! #cybersecurity #infosec #IoT #hackerassociate #hacking #redteam
-
StratosAlly
𝐂𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐀𝐩𝐚𝐜𝐡𝐞 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐀𝐥𝐞𝐫𝐭: 𝐂𝐕𝐄-𝟐𝟎𝟐𝟒-𝟓𝟔𝟑𝟑𝟕 𝐚𝐧𝐝 𝐂𝐕𝐄-𝟐𝟎𝟐𝟒-𝟓𝟎𝟑𝟕𝟗 Apache under attack! Exploiting TOCTOU race conditions, these vulnerabilities target Tomcat on case-insensitive file systems, opening doors to remote code execution. With Java version configurations adding another layer of complexity, securing your systems is now more critical than ever. To get more information about this, tap on the provided link. https://lnkd.in/g32VKyMa #CyberSecurity #Apache #CVEAlert #VulnerabilityManagement #stratosally
-
Vicarius
[Part 1] Villain of the Week 🦹♂️: CVE-2024-6409 Emerging from the shadows to wreak havoc, CVE-2024-6409 targets #OpenSSH on Red Hat Enterprise Linux 9. This devious villain exploits versions 8.7p1 and 8.8p1, unleashing a signal handler race condition that paves the way for remote code execution (#RCE). Similar to its sinister predecessor, CVE-2024-6387 (aka regreSSHion), it allows authenticated attackers to hijack the system by manipulating the SIGALRM signal handler in sshd. The result? Potential RCE within the unprivileged user running the sshd server. Will the villain continue its destruction, or will an unlikely hero appear to neutralize its offense? Stay tuned for Part 2....
-
iSecurity Social
Apple Safari Zero-Day Flaw Exploited At Pwn2Own : Patch Now: Apple has released security updates to address a zero-day vulnerability in its Safari web browser that was exploited during this year’s Pwn2Own Vancouver hacking competition. This issue, identified as CVE-2024-27834, was fixed by enhanced checks on macOS Monterey and macOS Ventura systems. Master of Pwn winner Manfred Paul reported this vulnerability in collaboration with Trend […] The post Apple Safari Zero-Day Flaw Exploited At Pwn2Own : Patch Now appeared first on Cyber Security News. #CyberSecurity #InfoSec
-
Cyborg Cyber Forensics and Information Security (CCFIS)
#CyberWhisper #CyberSecurity #Bootkit : Bootkit is a type of rootkit that alters or replaces the bootloader of the affected system in order to take over control. To remove a bootkit, one will need a bootable medium, which has the necessary tools to undo the changes made by the bootkit.
-
Hyper ICT Oy
Important 𝐂𝐕𝐄 𝐀𝐥𝐞𝐫𝐭: CVE-2023-7028 This critical CVE (Common Vulnerability and Exposure) from 2023 affects GitLab and could allow attackers to take control of administrator accounts. What is CVE-2023-7028? This vulnerability exists in GitLab's password reset functionality. An attacker could potentially exploit it to gain access to an administrator account by providing two email addresses during the reset process. What can you do? If you're a GitLab administrator, prioritize patching your instance to the latest version immediately. GitLab recommends enabling two-factor authentication (2FA) for all users as an additional security measure, as it would prevent unauthorized access even if the password is compromised through this vulnerability. visit our website: www.hyper-ict.com Here's a helpful resource for more information: https://lnkd.in/d2MXaTMS #GitLab #CVE #VulnerabilityManagement #Cybersecurity #hyperict
-
Vietnam Cyberspace Security Technology (VNCS)
⚡ [BREAKING NEWS] CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub --------- Security researchers are raising the alarm as proof-of-concept (PoC) exploit code targeting a recently patched high-severity vulnerability (CVE-2024-26229) in Microsoft Windows has surfaced on GitHub. The vulnerability could allow attackers to gain SYSTEM privileges, the highest level of access on a Windows system. This kind of heap-based buffer overflow vulnerability can corrupt memory and potentially enable an attacker to execute arbitrary code or gain unauthorized access to a system. Essentially, attackers can craft malicious code or inputs that trigger the overflow, allowing them to gain control over the affected system, execute arbitrary commands, install malware, or access sensitive data. Security experts warn that without timely defense and prevention strategies, it can lead to serious security breaches. ✅ BeyondTrust Privileged Access Management (PAM) Solution - Stops Privilege Escalation Attacks Right from the Start PAM (Privilege Access Management) solution provides a “security zone” within the enterprise IT systems where all privileged passwords are secured, automatically managed, and shared among authorized users. PAM solutions help organizations solve difficult problems by managing accounts and privileged access in their IT infrastructures. 👉 Learn more how BeyondTrust can mitigate Privilege Escalation Attacks: https://lnkd.in/eJuqdby5 #vncs #secureyourgrowth #beyondtrust #PAM #CVE - - - - - - - - VIETNAM CYBERSPACE SECURITY TECHNOLOGY JSC. (VNCS) 📧 Email: sales@vncs.vn 📍 Website: http://vncs.vn/ ☎️ Hotline: (+84) 924 37 37 37 - Office: (+84) 24 62 911 416 🏢 Address: ▪️ Head Office: Km27, Thang Long Highway, Ha Bang Ward, Thach That Dist., Hanoi, Vietnam. ▪️ Hanoi Branch: Room 401, 4th Floor, Kham Thien Building, 195 Kham Thien, Dong Da, Ha Noi. ▪️ HCM Branch: 2nd Floor, Viet Uc Tower, 402 Nguyen Thi Minh Khai, Ward 05, District 3, Ho Chi Minh.
-
Horizon Secured
How do you deal with IPv6 ? Last week in the huge amount of Zero-Days (10!), there is also one interesting CVE related to IPv6. CVSS 9.8 !! It is RCE and none privileges needed, which is crazy. Do you disable IPv6 in your environment ? Because MS specifically says, that it is not recommended, so I am curious... https://lnkd.in/d8KBG4_6
-
CyberDefenders
🆕 𝐍𝐞𝐰 𝐅𝐫𝐞𝐞 𝐋𝐚𝐛: 𝐑𝐞𝐝 𝐒𝐭𝐞𝐚𝐥𝐞𝐫 🚨 We're thrilled to bring you our latest Free Lab: 𝐑𝐞𝐝 𝐒𝐭𝐞𝐚𝐥𝐞𝐫! As part of the Threat Intelligence team in the SOC (Security Operations Center), you will face a crucial challenge. An executable file has been discovered on a colleague's computer, and it’s suspected to be linked to a Command and Control (C2) server, indicating a potential malware infection. 🔍 In this lab, you will: - Investigate the suspicious executable by analyzing its hash. - Discover and analyze critical data. - Gather valuable insights to other SOC members and the Incident Response team. 📘 Category: Threat Intel 🛠️ Tools you'll use: #VirusTotal #Whois #ThreatFox #MalwareBazaar 🔗 https://lnkd.in/de8iSBBA 🔥 Time to tackle this lab and enhance your cybersecurity skills. Have a fantastic week, and happy analyzing! 😃 #DFIR #SOC #Infosec #Cybersecurity #ThreatIntel
-
Bunkerity
CVE-2024-53264? Bunkerized! As you already know, we advocate for open security and transparency. The way we Bunkerized the CVE-2024-53264 vulnerability is a perfect example of this. A security researcher reported an Open Redirect vulnerability on the BunkerWeb user interface : allowing attackers to redirect authenticated users to arbitrary external URLs. Transparency is one of our core values: we firmly believe it is essential to share these vulnerabilities with our community. It’s worth noting that although the exploitability of this vulnerability in a real-world attack seems relatively complex, we take it seriously and included a fix in version 1.5.12 of BunkerWeb. Cybersecurity is an ever-evolving landscape; let's not leave sensitive data vulnerable. For more information about the CVE : https://lnkd.in/d2_8RDCk #BunkerWeb #OpenSource #cybersecurity #CVE
2 Comments -
TUDIGISEC by Nomios
🚨 CVSS 9.3: GLPI vulnerabilities (a highly used logic in France)🚨 🔍 What's new? Critical flaws have been found in GLPI (Gestionnaire Libre de Parc Informatique), an open-source program used for managing IT assets and service desks. Specifics of the vulnerabilities: • CVE-2024-50339 (CVSS 9.3): Enables an unauthorized attacker to get session IDs and assume the identity of any connected user. • CVE-2024-48912 (CVSS 7.2): Automates an authorized user to delete any user account, even with restricted privileges. • CVE-2024-47760 (CVSS 7.5): A technician with access to the GLPI API can increase their privileges and take over accounts with high permissions. • CVE-2024-47761 (CVSS 7.5): An administrator with access to sent notifications may take advantage of this flaw to take over other user accounts. It is advised that you update to GLPI version 10.0.17 right away in order to fix these vulnerabilities and secure your IT environment. Why this is significant: These vulnerabilities make it possible for potential attacks like session espionage, account suppression, and full administrative account takeover to occur, endangering the security of your company. #Security | #GLPI | #Cybersecurity | #Updates | #Vulnerabilities | #IT | #AssetManagement | #ServiceDesk
-
Mindcore Technologies
💥Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels💥 The first-ever UEFI bootkit targeting Linux, dubbed Bootkitty, just shifted the cyber threat landscape. This proof-of-concept is proof of one thing: attackers are moving faster than defenses. Here’s why this matters to YOUR business: ◾Secure Boot isn’t invincible. Bootkitty bypasses key security protocols, even in “protected” systems. ◾Linux systems are now just as exposed as Windows old assumptions won’t cut it anymore. ◾The threat isn’t hypothetical. Rootkit features like hidden files, process cloaking, and port control are active risks. 🔑 Key takeaways for decision-makers: 1️⃣ Audit beyond the basics. Firmware threats are invisible to traditional tools. Are your systems REALLY secure? 2️⃣ Don’t trust the default. Misconfigured Secure Boot opens doors hackers are ready to walk through. 3️⃣ Futureproof now. If a proof-of-concept exists, it’s only a matter of time before it’s weaponized. 💡 Our insight: Most breaches we’ve prevented started with small gaps no one was watching. Addressing these gaps is where the real ROI in cybersecurity lies. We want to hear from you: What’s your biggest challenge in keeping up with emerging threats? Let’s exchange strategies below. 👇 ➡️ Pro tip for immediate action: Incorporate firmware audits into your quarterly security reviews. It’s an easy first step to get ahead of threats like this. 🛡️ #Mindcore #Protip #BusinessAwareness #CyberAttack #DataAnalysis
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore More