Resume

Un article de Page Personnelle de Cédric Blancher, l'encyclopéde libre.

francais.png (http://sid.rstack.org/index.php/Curriculum_Vitae) Version française ici

Scroll


Cédric BLANCHER

Master of Science (diplôme d'ingénieur) at ENST de Bretagne (http://en.wikipedia.org/wiki/%C3%89cole_nationale_sup%C3%A9rieure_des_t%C3%A9l%C3%A9communications_de_Bretagne) (website (http://www.enst-bretagne.fr/), 2001)

Research Engineer in IT Systems and Networks Security


linkedin.png (https://www.linkedin.com/in/cedric)
My LinkedIn profile (https://www.linkedin.com/in/cedric)


Sommaire
1 Education
2 Spoken Languages
3 Employment History

3.1 EADS France, Innovation Works (Suresnes)
3.2 Arche (Les Ulis)
3.3 Cartel Sécurité (ex. Cartel Informatique, Paris)
3.4 Startem (Groupe Datops, ex. CMC, Paris)
3.5 CMC (Paris)
3.6 ENST Bretagne (Brest)

4 Contributions

4.1 Software
4.2 Lectures and trainings
4.3 Articles (cf. Contributions)

4.3.1 MISC Magazine (http://www.miscmag.com/)
4.3.2 Linux Magazine France (http://www.linuxmag-france.org/)
4.3.3 Symposium sur la Sécurité des Technologies de l'Information et de la Communication (http://www.sstic.org/)

4.4 Conferences and talks (cf. Contributions)
4.5 Misc.

5 Leasures
[modifier]

Education

  • 1996-2000: MSc at ENST Bretagne.


[modifier]

Spoken Languages

  • French (mother tongue)
  • English (bilingual, lectures and talks given in english), 945 at TOEIC (http://www.toeic.eu/)
[modifier]

Employment History

[modifier]

EADS France, Innovation Works (Suresnes)

http://www.eads.com/

Since 2004/11/02

Research Engineer and Head of Computer Security Research Lab (IW/SE/CS)

  • Research and development.
  • Penetration testings
  • Trainings.

Context: network protocols security proof, security of wired and wireless network communications, security of embedded systems.

[modifier]

Arche (Les Ulis)

http://www.arche.fr/

From 2003/07/15 to 2004/10/31

IT systems and networks security consultant

  • Consultancy
  • Audits and penetration testings
  • Trainings
  • Security pre-sales
[modifier]

Cartel Sécurité (ex. Cartel Informatique, Paris)

http://www.cartel-securite.fr/

From 2000/11/09 to 2003/07/02

IT systems and networks security consultant

  • Consultancy and solutions deployment
  • Audit and penetration testing
  • Trainings
  • Free Software promotion
[modifier]

Startem (Groupe Datops, ex. CMC, Paris)

From 1999/09/15 to 2000/09/29

Chief of IT department

  • IT Security chief
  • Teacher at CELSA trainings
  • LAN, Internet access and services deployment
[modifier]

CMC (Paris)

From 1999/04/15 to 1999/09/14

Trainee at IT department

  • Responsible for "Year 2k" project
  • Study for Internet access deployment
  • Network and system administrator
[modifier]

ENST Bretagne (Brest)

http://www.enst-bretagne.fr/

1997/09 to 2000/03

New student LAN deployement at the Maison des Élèves (http://resel.enst-bretagne.fr/) of ENST Bretagne (250 student workstations)

  • New ethernet backbone, internal services, firewalling on GNU/Linux plateforms
  • Day to day technical helpdesk and training for students

From 1998/07 to 1998/08

Trainee at IT departement (http://www-info.enst-bretagne.fr/)

  • Study on smartcard based billing system for ENST Bretagne restaurant (Restaurant Administratif de Kernevent)


[modifier]

Contributions

[modifier]

Software

  • Wifitap: a WiFi communication tool based on traffic injection written in Python (http://www.python.org/)
  • Patch for ebtables (http://ebtables.sourceforge.net/) ARP match
  • Patch for aireplay (http://www.aircrack-ng.org/) FromDS frame support
[modifier]

Lectures and trainings

  • Since 2003/09: Professor in CISI MSc (http://www.cryptis.fr/) for Limoges University (http://www.unilim.fr/).
    IT systems and networks security (24h).
  • Since 2004/09: Professor in SSI MSc (http://www.esiea.fr/ms-sis) for ESIEA (http://www.esiea.fr/).
    IT networks security (21h).
  • From 2004/06/28 to 2004/07/09: Teacher at CEA-INRIA-EDF IT Summer School (http://ecole-ete.bruyeres.cea.fr/Archives/2004/ecole-informatique.html).
    IT Security training for 35 trainees during two weeks, with lectures, practical studies and conferences.
    IT networks security (6h) and security evaluation (3h).
  • Since 2001/06/11: INTIF (http://intif.francophonie.org/) (Bordeaux), part of AIF (http://agence.francophonie.org/) (Paris).
    GNU/Linux security teacher and IT consultant.
    • From 2005/10/13 to 2005/10/17: GNU/Linux security training for the second Rencontres Africaines du Logiciel Libre (RALL 2005, Free Software Meeting for Africa) in Libreville, Gabon, with Frédéric Raynal (http://www.security-labs.org/)
    • From 2004/09/27 to 2004/10/1: GNU/Linux security training for the first Rencontres Africaines du Logiciel Libre (http://agence.francophonie.org/actualites/nouvelle.cfm?der_id=510) (RALL 2004, Free Software Meeting for Africa) in Ouagadougoug, Burkina Faso, with Frédéric Raynal (http://www.security-labs.org/)
    • From 2003/10/13 to 2003/10/18: GNU/Linux security training in Antananarivo, Madagascar, with Guillaume Valadon (http://guillaume.valadon.net/).
    • From 2001/06/11 to 2001/06/16: GNU/Linux security training in Lomé, Togo, with Laurent Oudot (http://www.rstack.org/oudot/).
  • Others
    • Various WiFi security traingings (SyScan'06, Cansecwest/core06, Eusecwest/core06, etc.)
[modifier]

Articles (cf. Contributions)

[modifier]

MISC Magazine (http://www.miscmag.com/)

  • Special Issue 1 (2007/10), Cartographie réseau à distance : remote network topology discovery technics.
  • MISC 30 (2007/03), Attaque de WEP par fragmentation: description of a 802.11 fragmentation based attack against WEP.
  • MISC 21 (2005/09), Les limites du filtrage réseau: network flows filtering technics limits.
  • MISC 18 (2005/03), Anonymisation, written with Arnaud Guignard: anonymizing systems basis and study of email and TCP anonymization tools.
  • MISC 17 (2005/01), Filtrage applicatif, les cas des clients Web, de la messagerie et du peer-to-peer: filtering technics for common applications and client protection.
  • MISC 13 (2004/05), Filtrage de niveau 2, le firewalling au plus bas niveau: Layer 2 filtering functionalities for network protection.
  • MISC 12 (2004/03), La sécurité des réseaux 802.11, quoi de neuf depuis un an: WPA and 802.11i improvements for WiFi network security.
  • MISC 11 (2004/01), EAP, l'authentification sur mesure: EAP and 802.1x authentication.
  • MISC 9 (2003/09), Du bon usage du traceroute, ou comment faire parler les infrastructures réseau en jouant avec le champ TTL: advanced tracerouting technics for network architectures discovery.
  • MISC 6 (2003/03), Faiblesses des réseaux sans-fil, written with Daniel Polombo: WiFi networks flaws exploitation.
  • MISC 3 (2002/07), Jouer avec le protocole ARP, ou tout ce que vous avez toujours voulu savoir sur ARP sans oser le demander, written with Éric Detoisien and Frédéric Raynal: ARP based attacks for network flaws interception.
    See website http://sid.rstack.org/arp-sk/
[modifier]

Linux Magazine France (http://www.linuxmag-france.org/)

  • Special issue 17 (2003/11), Le noyau et le réseau, comment repousser les limites de la connectivité: Linux kernel network functionalities.
  • Special issue 16 (2003/09), Patcher son noyau, ou l'art de ne pas s'enfuir en courant à la simple évocation du mot "patch": practical guide to kernel sources patching and conflicts resolution.
  • Special issue 13 (2003/01), Les firewalls personnels, principes, atouts et limites: personal firewalls description and limits.
  • Special issue 12 (2002/09), Netfilter en profondeur, les secrets du pare-feu selon Linux: Netfilter, Linux 2.4 and further kernels, internal mechanisms.
[modifier]

Symposium sur la Sécurité des Technologies de l'Information et de la Communication (http://www.sstic.org/)

  • Third edition (2005/06), Protocoles réseau, grandeur et décadence: network trafic redirection gainst major network protocols.
  • First edition (2003/06), Atouts et limites du modèle de sécurité du pare-feu personnel: personal firewalls security principles, implementation, integration and limits analysis.
[modifier]

Conferences and talks (cf. Contributions)

  • 2008/03/12-2008/03/14: Source Boston 2008 (http://sourceboston.com/), Boston, United States.
    Network de-perimetrisation concept and security implications.
  • 2007/10/30-2007/10/31: Bellua Cyber Security Asia 2007 (http://bellua.com/bcs/asia07.index.html), Jakarta, Indonesia.
    Aircraft onboard systems security, with Pascal Andrei.
    Local networks authenticated access and associated services.
  • 2007/06/14: Smart WIP Club, Paris, France,
    Discussion around Skype (http://www.skype.net/) security issues.
  • 2007/05/22: JSSI 2007 (http://www.ossir.org/jssi/), Paris, France.
    Blogs and security, with Éric Hazane.
  • 2007/05/10: Éducation Nationale CISO annual meeting, Paris, France.
    Wi-Fi captive portals limitations.
  • 2007/04/23-2007/04/25: 2nd Wireless Security Conference, Singapore.
    Lessons learnt from eight years of Wi-Fi security.
    Workshop on Wi-Fi security history.
  • 2007/04/06-2007/04/07: JSSIC 2007 (http://e-ucad.sn/index.php?option=com_content&task=view&id=28&Itemid=1), Dakar, Senegal.
    Wi-Fi security.
  • 2007/03/19-2007/03/21: SecurityOpus 2007 (http://www.securityopus.com), San Francisco, United States.
    Wi-Fi security myths busting.
  • 2006/10/19-2006/10/21: Hack.lu 2006 (http://hack.lu/), Luxembourg.
    Wi-Fi security, with Phillippe Tewen (http://wiki.teuwen.org/).
    Lightning talk son Skype based botnets.
  • 2006/08/30-2006/08/31: Bellua Cyber Security Asia 2006 (http://bellua.com/bcs/asia06.index.html), Jakarta, Indonesia.
    Open Wi-Fi networks vulnerabilities.
    Panel discussion (Un)ethical Hacking... where is the line?
  • 2006/06/16-2006/06/18: Recon 2006 (http://recon.cx/), Montreal, Canada.
    Lightning talk on Skype based botnets.
  • 2006/05/22: JSSI 2006 (http://www.ossir.org/jssi/), Paris, France.
    Panel discussion Les nouvelles technologies de l'information : y aller ou non ?
  • 2006/02/20-2006/02/21: Eusecwest/core06 (http://eusecwest.com/), London, United Kingdom.
    Lightning talk on Captive Portal bypass.
  • 2006/02/08-2006/02/10: SecureCon 2006 (http://securecon.unimelb.edu.au/), Melbourne, Australia.
    WiFi networks attacks based on traffic injection.
  • 2005/11/15-2005/11/16: Pacsec/core05 (http://pacsec.jp/), Tokyo, Japan.
    WiFi networks attacks based on traffic injection.
  • 2005/10/01-2005/10/02: Ruxcon 2005 (http://ruxcon.org.au/), Sydney, Australia.
    WiFi networks attacks based on traffic injection.
    Cf. Impressions of Ruxcon 2005 (http://www.rockyh.net/blog/2005/10/2/impressions-of-ruxcon-2005.html)
    Cf. Ruxcon wrap up (http://blog.pentester.com.au/2005/10/ruxcon-wrap-up.html)
  • 2005/09/01-2005/09/02: SyScAN'05 (http://syscan.org/), Bangkok, Thailand.
    WiFi networks attacks based on wireless trafic injection.
  • 2005/07/05-2005/07/09: LSM 2005 (http://rencontresmondiales.org/), Dijon, France.
    WiFi networks attacks based on wireless trafic injection.
  • 2005/06/17-2005/06/19: Recon 2005 (http://recon.cx/), Montreal, Canada.
    WiFi networks attacks based on wireless trafic injection.
    Public release of Wifitap.
    Cf. SANS ISC Handler Diary June 26th 2005 (http://isc.sans.org/diary.php?date=2005-06-26)
    Cf. Report from the trenches RECON conference in Montreal (http://www.professionalsecuritytesters.org/modules.php?name=News&new_topic=41)
  • 2005/06/01-2005/06/03: Symposium sur la Sécurité des Technologies de l'Information et de la Communication (http://www.sstic.org/) (SSTIC), Rennes, France.
    Network traffic redirection against major Internet protocols.
    Lightning talk about Wifitap, a WiFi communication tool based on traffic injection.
    cf. HSC newsletter (http://www.hsc-news.com/): #11, July 2005 (http://www.hsc-news.com/archives/2005/000024.html)
    cf. article in Réseaux et Télécom CSO (http://www.reseaux-telecoms.com/CSO): SSTIC 05, le hack noir vu par le hack blanc (http://www.reseaux-telecoms.com/cso_btree/05_07_01_124058_106/CSO/Newscso_view)
  • 2005/05/10: JSSI 2005 (http://www.ossir.org/jssi/), Paris, France.
    Security risks linked to remote access and mobile computering
  • 2005/05/04-2005/05/06: Cansecwest/core05 (http://cansecwest.com/), Vancouver, Canada.
    Security risks linked to remote access and mobile computering
  • 2005/03/21-2005/03/23: Eurosec 2005 (http://www.xpconseil.com/eurosec2005/), Paris, France.
    Honeynet (http://www.honeynet.org/) technologies and tools for improving intrusion detection, with Philippe Biondi (http://www.secdev.org/)
  • 2005/02/07-2005/02/09: JIA 2005 (http://jia-iset-sfax.org/), Sfax, Tunisia.
    Free Software for IT security
  • 2004/10/04-2004/10/07: Rencontres Africaines du Logiciel Libre (http://rall.abull.bf/) (RALL), Ouagadougou, Burkina Faso.
    Improving IT security with Free Software tools, with Frédéric Raynal (http://www.security-labs.org/), as part of ISWS summit preparation workshop
  • 2004/06/02-2004/06/04: Symposium sur la Sécurité des Technologies de l'Information et de la Communication (http://www.sstic.org/) (SSTIC), Rennes, France.
    Security risks linked to remote access and mobile computering
    Cf. article in ZDNet.fr (http://www.zdnet.fr/): Le gratin de la sécurité en France ausculte les risques de l'informatique mobile (http://www.zdnet.fr/actualites/technologie/0,39020809,39156107,00.htm)
    Lightning talk on embedded systems usage for honeynets deployment and HoneyWRT project
  • 2004/03/25-2004/03/27: JIA 2004 (http://www.mediabox-tunisie.com/jia/), Yasmine Hammamet, Tunisia.
    Entreprise Web portal deployment using GNU/Linux and Free Software
    Entreprise Web portal security
  • 2004/03/22-2004/03/24: Eurosec 2004 (http://www.xpconseil.com/eurosec2004/), Paris, France.
    Honeypots farms concept and implementation using GNU/Linux, with Franck Veysset
  • 2004/02/10: OSSIR (http://www.ossir.org/), Paris, France.
    Presentation of French Honeynet Project (http://www.frenchhoneynet.org/) group, members and actions, and focus on honeypots, farms with Franck Veysset
  • 2003/11/17-2003/11/20: Colloque National sur les Logiciel Libres, Abidjan, Ivory Coast.
    Free Software for entreprises and administrations IT security
    TV show Challenges about Free Software
    See article (http://linuxfr.org/2003/11/22/14652.html) on LinuxFR (http://linuxfr.org/).
  • 2003/11/11: Install Party ENS Cachan, Cachan, France.
    Linux kernel network capabilities
  • 2003/07/09-2003/07/12: Libre Software Meeting (http://www.rencontresmondiales.org/), Metz, France.
    Lightning talks session organisation for security topic (http://wiki.ael.be/rmll2003/index.php/ThemeSecurite)
    Layer 2 filtering using GNU/Linux tools (Netfilter (http://www.netfilter.org/)/ebtables (http://ebtables.sourceforge.net))
    Free Software for IT security
  • 2003/06/10-2003/06/12: Symposium sur la Sécurité des Technologies de l'Information et de la Communication (http://www.sstic.org) (SSTIC), Rennes, France.
    Personal firewalls concept, implementation and limits
    Cf. article in Transfert.net (http://www.transfert.net/): Les firewalls personnels sont loin d'être infaillibles (http://www.transfert.net/a8997).
  • 2003/05/21: Challenge Securitech (http://www.challenge-securitech.com/), Paris, France.
    Local network security issues
  • 2003/05/11: Committee on Development Information (http://www.uneca.org/codi/) (CODI) of United Nations Economic Commission for Africa, Addis Abeba, Ethiopia.
    GNU/Linux for IT security and Netfilter
  • 2003/03/15: Journée du Logiciel Libre dans l'Éducation et la Sécurité (http://www.parinux.org/activites/installparty/JLLE_LEF.html), Orsay, France.
    Discussion around Free Software and IT security, with Philippe Biondi (http://www.secdev.org/).
  • 2002/11/15: Groupe FRnOG (http://www.frnog.org/), Boulogne Billancourt.
    Arp-sk (http://sid.rstack.org/arp-sk/) tool and ARP security issues, with Frédéric Raynal (http://www.security-labs.org/).
  • 2002/10/26-2003/10/27: Vitré On Line, Vitré, France.
    Internet access security issues for end-users
  • 2002/07/09-2002/07/13: Rencontres Mondiales du Logiciel Libre (http://www.rencontresmondiales.org/) (Libre Software Meeting), Bordeaux, France.
    ARP security issues: "Switched network security: a fairy tale..."
    Why choose Free Software for security policy implementation ?
  • 2002/05/14: CLUSIF (http://www.clusif.asso.fr/) (CLUb de la Sécurité des systèmes d'Information Français), Paris, France.
    GNU/Linux and 2.4 kernels improvements for IT security, with Philippe Biondi (http://www.secdev.org/).
  • 2001/12/11: CLUSIF (http://www.clusif.asso.fr/) (CLUb de la Sécurité des systèmes d'Information Français), Paris, France.
    Intrusion demonstration with bouce and priviledge escalation, with Daniel Polombo.
  • 2001/07/04-2001/07/08: Rencontres Mondiales du Logiciel Libre (http://www.rencontresmondiales.org/) (Libre Software Meeting), Bordeaux, France.
    Discussion around RIF project about software and documentation mirror servers en Africa
[modifier]

Misc.

  • Since 2001/07
    RIF project member: software and documentation mirrors installation in Africa, prsented at Libre Software Meeting (http://www.rencontresmondiales.org/) (Libre Software Meeting) with Laurent Oudot (http://www.rstack.org/oudot/) et Monique Michaud.


[modifier]

Leasures

  • Iaido (http://www.cnkendo-da.com/iaido.htm)
  • Basket ball (http://www.basketfrance.com/)
  • Cinema
  • Cooking and vin
  • Travels
Récupérée de "http://sid.rstack.org/index.php/Resume"
Outils personels

RSS feed RSS

Atom feed Atom

No software patents !

PageRank Actuel

Valid XHTML 1.0 Transitional