About me

I am a Cybersecurity consultant, specialized in Ethical Hacking. I work for a private company in Luxembourg.

Certifications

(French) CVE-2020-3433 : élévation de privilèges sur le client VPN Cisco AnyConnect, MISC n°112 (Les Editions Diamond), November 2020 Article
(French) CVE-2020-3153 : élever ses privilèges grâce au télétravail, MISC n°111 (Les Editions Diamond), September 2020 Article
Malicious use of Microsoft “Local Administrator Password Solution”, Hack.lu, October 2017 Slides | YouTube
Efficiently bypassing SNI-based HTTPS filtering, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015), May 2015 PDF

CVE-2023-38042: Ivanti Secure Access Client for Windows Local Privilege Escalation Vulnerability - CVSS Score: 7.8 (High) - Advisory
CVE-2021-1427: Cisco AnyConnect Secure Mobility Client for Windows Upgrade DLL Hijacking Vulnerability - CVSS Score: 7.0 (High) - Advisory (also found independently by other security researchers)
CVE-2020-27123: Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Read Vulnerability - CVSS Score: 5.5 (Medium) - Advisory
CVE-2020-3435: Cisco AnyConnect for Windows Profile Modification vulnerability (“always-on” bypass) - CVSS Score: 5.5 (Medium) - Advisory
CVE-2020-3434: Cisco AnyConnect for Windows Denial of Service - CVSS Score: 5.5 (Medium) - Advisory
CVE-2020-3433: Cisco AnyConnect for Windows Local Privilege Escalation (DLL hijacking) - CVSS Score: 7.8 (High) - Advisory

Red Team Ops II, Zero-Point Security, self-study, July 2024
Red Team Ops, Zero-Point Security, self-study, March/April 2024
SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses, SANS OnDemand, May 2022
SpecterOps - Adversary Tactics: Red Team Operations, private training at PwC Brussels, August 2019
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking, SANS Amsterdam, January 2019
SEC560: Network Penetration Testing and Ethical Hacking, SANS Brussels, Autumn 2016