I am a Cybersecurity consultant, specialized in Ethical Hacking. I work for a private company in Luxembourg.

Certifications

  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) - Analyst# 1895
  • GIAC Penetration Tester (GPEN) - Analyst# 10953

Publications

  • [French] CVE-2020-3433 : élévation de privilèges sur le client VPN Cisco AnyConnect, MISC n°112 (Les Editions Diamond), November 2020 Article
  • [French] CVE-2020-3153 : élever ses privilèges grâce au télétravail, MISC n°111 (Les Editions Diamond), September 2020 Article
  • Malicious use of Microsoft “Local Administrator Password Solution”, Hack.lu, October 2017 Slides | YouTube
  • Efficiently bypassing SNI-based HTTPS filtering, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015), May 2015 PDF

CVEs

  • CVE-2020-3433: Cisco AnyConnect for Windows Local Privilege Escalation (DLL hijacking) - CVSS Score: 7.8 (High) - Advisory
  • CVE-2020-3434: Cisco AnyConnect for Windows Denial of Service - CVSS Score: 5.5 (Medium) - Advisory
  • CVE-2020-3435: Cisco AnyConnect for Windows Profile Modification vulnerability (“always-on” bypass) - CVSS Score: 5.5 (Medium) - Advisory
  • CVE-2020-27123: Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Read Vulnerability - CVSS Score: 5.5 (Medium) - Advisory

Training

  • SpecterOps - Adversary Tactics: Red Team Operations, private training at PwC Brussels, August 2019
  • SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking, SANS Amsterdam, January 2019
  • SEC560: Network Penetration Testing and Ethical Hacking, SANS Brussels, Autumn 2016

Education

  • TELECOM Nancy (Telecommunications, Networks and Services), class of 2015