Florian Picca

A friend and I released our first open-source tool on our company's GitHub. If you're auditing #Android apps, give it a try !

@maki_mitz @pry0cc the RS -> HS algorithm switching would just allow you to forge a new token (if vulnerable), but not to get the private key

@pry0cc If you can get 2 differents tokens signed with the same private key, you can recover the public key : github.com/FlorianPicca/J… Then try the RS -> HS tricks or try to get the private from the public cc @ENOENT_

@sasaga92 @Synacktiv yes

@ENOENT_ @Synacktiv Did you use any combination of the ghost responses to build md5?

Trick or treats! Track the leak! Hack for treats! The first three travelers to get out of this spooky Halloween challenge will get themselves a special surprise. Hurry up, your time will run out on the 1st of November. halloween.synacktiv.com

@PhackCTF Meilleurs lots de CTF ever 🐰 Merci encore au @PhackCTF !

I made write ups for all the crypto challenges of FCSC 2021 organized by ANSSI. They were really interesting and challenging. bitsdeep.com/write-ups/fcsc…

Sharing a partially redacted PEM online is the same as sharing the PEM. In this blog post, we show that with partial exposure of a PEM, private data can be extracted to recover the full private key. blog.cryptohack.org/twitter-secrets

@_SaxX_ Recovery the full private key based on the infos you just leaked looks a lot like a CTF challenge and might be doable (cc @CryptoHack__ )

This morning, I began another #pentest for a client. After some google-fu dorking combine with the major search engines, I found the id_rsa key that gave me access to the server and a bunch of others 😬😬 another mistake under their radar...

I've written a tool to recover the RSA/ECDSA public key used to sign JWT tokens, because most of the time you don't have access to it. github.com/FlorianPicca/J…

Our first Twitter vulnerable code mini-puzzle. What's the problem with this code? #crypto #cryptography #puzzle

ENOENT (Florian Picca) est adepte de #crypto et passionné par la résolution de #CTF « C’est un domaine qui me passionne et pour lequel je donne tout » #FCSC2020 En savoir + sur @ENOENT_ 🗨️ ssi.gouv.fr/agence/cyberse…

@G4N4P4T1 @enoent Nice !

Les #writeups de Forensics pour le #ctf #FCSC2020 organisé par @ANSSI_FR sont dispo sur mon blog : maki.bzh/walkthrough/fc… Normalement, c'est assez complet! Have fun! Encore merci à l'orga pour les challenges et à @_nwodtuhs pour la relecture 😘 #LesPresquesTutoDeNico

Petit writeup d'un chall d'exfiltration de contenu de PDF chiffré à l'occasion du #FCSC2020 areizen.fr/post/it101/

New article ! How share a shell with your friends to troubleshoot stuff when EVERYTHING ELSE FAILS, a tail of tmux, socat, ssh tunnels, tmate, gotty, ngrok and more ! \o/ thinkloveshare.com/en/hacking/a_h…

New blog post about the ROCA vulnerability ! You'll also find my own multiprocess attack in Sage as a bonus :) #crypto #ctf bitsdeep.com/posts/analysis…

Almost one year ago, I started to put together things I know, things I read and things I learn, on a same place. Some days ago, I decided to refactor and reorganize the whole content. And today, I release it ! Here is a global #Infosec cheatsheet : cheatsheet.haax.fr [1/2]

@CryptoHack__ Lo-Hi Card Game. It felt more like exploiting a vulnerable application than just exploiting the underlying issue

Which is your favourite challenge on the site? What you hoping to learn next?

Users can now upload challenge solutions to CryptoHack. Solutions are unlocked after you submit the flag and you will gain access to all user's solutions. We hope this helps the community learn together. Excited to read your write-ups! cryptohack.org

Hello guys! Today, I'd like to promote a new crypto platform which is very fun! This platform is cryptohack.org by @CryptoHack__ . There are many categories like block ciphers, elliptic curves so you can learn a lot! I have to admit that is kinda addictive. Enjoy 😁