De Page Personnelle de Cédric Blancher.

Aller à : Navigation, rechercher

Version française ici

Cédric BLANCHER

E-mail: blancher@cartel-securite.fr
Web: http://sid.rstack.org/
Blog: http://sid.rstack.org/blog/
Born on 27th of February 1976 in Limoges
French nationality

Master of Science (diplôme d'ingénieur) at ENST de Bretagne (website, 2001)

Research Engineer in IT Systems and Networks Security

My LinkedIn profile

[modifier] Education

1996-2000: MSc at ENST Bretagne.

[modifier] Spoken Languages

French (mother tongue)
English (bilingual, lectures and talks given in english), 945 at TOEIC

[modifier] Employment History

[modifier] EADS France, Innovation Works (Suresnes)

http://www.eads.com/

Since 2004/11/02

Research Engineer and Head of Computer Security Research Lab (IW/SE/CS)

Research and development.
Penetration testings
Trainings.

Context: network protocols security proof, security of wired and wireless network communications, security of embedded systems.

[modifier] Arche (Les Ulis)

http://www.arche.fr/

From 2003/07/15 to 2004/10/31

IT systems and networks security consultant

Consultancy
Audits and penetration testings
Trainings
Security pre-sales

[modifier] Cartel Sécurité (ex. Cartel Informatique, Paris)

http://www.cartel-securite.fr/

From 2000/11/09 to 2003/07/02

IT systems and networks security consultant

Consultancy and solutions deployment
Audit and penetration testing
Trainings
Free Software promotion

[modifier] Startem (Groupe Datops, ex. CMC, Paris)

From 1999/09/15 to 2000/09/29

Chief of IT department

IT Security chief
Teacher at CELSA trainings
LAN, Internet access and services deployment

[modifier] CMC (Paris)

From 1999/04/15 to 1999/09/14

Trainee at IT department

Responsible for "Year 2k" project
Study for Internet access deployment
Network and system administrator

[modifier] ENST Bretagne (Brest)

http://www.enst-bretagne.fr/

1997/09 to 2000/03

New student LAN deployement at the Maison des �?lèves of ENST Bretagne (250 student workstations)

New ethernet backbone, internal services, firewalling on GNU/Linux plateforms
Day to day technical helpdesk and training for students

From 1998/07 to 1998/08

Trainee at IT departement

Study on smartcard based billing system for ENST Bretagne restaurant (Restaurant Administratif de Kernevent)

[modifier] Contributions

[modifier] Software

Wifitap: a WiFi communication tool based on traffic injection written in Python
Patch for ebtables ARP match
Patch for aireplay FromDS frame support

[modifier] Lectures and trainings

Since 2003/09: Professor in CISI MSc for Limoges University.
IT systems and networks security (24h).
Since 2004/09: Professor in SSI MSc for ESIEA.
IT networks security (21h).
From 2004/06/28 to 2004/07/09: Teacher at CEA-INRIA-EDF IT Summer School.
IT Security training for 35 trainees during two weeks, with lectures, practical studies and conferences.
IT networks security (6h) and security evaluation (3h).
Since 2001/06/11: INTIF (Bordeaux), part of AIF (Paris).
GNU/Linux security teacher and IT consultant.
- From 2005/10/13 to 2005/10/17: GNU/Linux security training for the second Rencontres Africaines du Logiciel Libre (RALL 2005, Free Software Meeting for Africa) in Libreville, Gabon, with Frédéric Raynal
- From 2004/09/27 to 2004/10/1: GNU/Linux security training for the first Rencontres Africaines du Logiciel Libre (RALL 2004, Free Software Meeting for Africa) in Ouagadougoug, Burkina Faso, with Frédéric Raynal
- From 2003/10/13 to 2003/10/18: GNU/Linux security training in Antananarivo, Madagascar, with Guillaume Valadon.
- From 2001/06/11 to 2001/06/16: GNU/Linux security training in Lomé, Togo, with Laurent Oudot.
Others
- Various WiFi security traingings (SyScan'06, Cansecwest/core06, Eusecwest/core06, etc.)

[modifier] Articles (cf. Contributions)

[modifier] MISC Magazine

Special Issue 1 (2007/10), Cartographie réseau à distance : remote network topology discovery technics.
MISC 30 (2007/03), Attaque de WEP par fragmentation: description of a 802.11 fragmentation based attack against WEP.
MISC 21 (2005/09), Les limites du filtrage réseau: network flows filtering technics limits.
MISC 18 (2005/03), Anonymisation, written with Arnaud Guignard: anonymizing systems basis and study of email and TCP anonymization tools.
MISC 17 (2005/01), Filtrage applicatif, les cas des clients Web, de la messagerie et du peer-to-peer: filtering technics for common applications and client protection.
MISC 13 (2004/05), Filtrage de niveau 2, le firewalling au plus bas niveau: Layer 2 filtering functionalities for network protection.
MISC 12 (2004/03), La sécurité des réseaux 802.11, quoi de neuf depuis un an: WPA and 802.11i improvements for WiFi network security.
MISC 11 (2004/01), EAP, l'authentification sur mesure: EAP and 802.1x authentication.
MISC 9 (2003/09), Du bon usage du traceroute, ou comment faire parler les infrastructures réseau en jouant avec le champ TTL: advanced tracerouting technics for network architectures discovery.
MISC 6 (2003/03), Faiblesses des réseaux sans-fil, written with Daniel Polombo: WiFi networks flaws exploitation.
MISC 3 (2002/07), Jouer avec le protocole ARP, ou tout ce que vous avez toujours voulu savoir sur ARP sans oser le demander, written with �?ric Detoisien and Frédéric Raynal: ARP based attacks for network flaws interception.
See website http://sid.rstack.org/arp-sk/

[modifier] Linux Magazine France

Special issue 17 (2003/11), Le noyau et le réseau, comment repousser les limites de la connectivité: Linux kernel network functionalities.
Special issue 16 (2003/09), Patcher son noyau, ou l'art de ne pas s'enfuir en courant à la simple évocation du mot "patch": practical guide to kernel sources patching and conflicts resolution.
Special issue 13 (2003/01), Les firewalls personnels, principes, atouts et limites: personal firewalls description and limits.
Special issue 12 (2002/09), Netfilter en profondeur, les secrets du pare-feu selon Linux: Netfilter, Linux 2.4 and further kernels, internal mechanisms.

[modifier] Symposium sur la Sécurité des Technologies de l'Information et de la Communication

Third edition (2005/06), Protocoles réseau, grandeur et décadence: network trafic redirection gainst major network protocols.
First edition (2003/06), Atouts et limites du modèle de sécurité du pare-feu personnel: personal firewalls security principles, implementation, integration and limits analysis.

[modifier] Conferences and talks (cf. Contributions)

2008/03/12-2008/03/14: Source Boston 2008, Boston, United States.
Network de-perimetrisation concept and security implications.
2007/10/30-2007/10/31: Bellua Cyber Security Asia 2007, Jakarta, Indonesia.
Aircraft onboard systems security, with Pascal Andrei.
Local networks authenticated access and associated services.
2007/06/14: Smart WIP Club, Paris, France,
Discussion around Skype security issues.
2007/05/22: JSSI 2007, Paris, France.
Blogs and security, with �?ric Hazane.
2007/05/10: �?ducation Nationale CISO annual meeting, Paris, France.
Wi-Fi captive portals limitations.
2007/04/23-2007/04/25: 2nd Wireless Security Conference, Singapore.
Lessons learnt from eight years of Wi-Fi security.
Workshop on Wi-Fi security history.
2007/04/06-2007/04/07: JSSIC 2007, Dakar, Senegal.
Wi-Fi security.
2007/03/19-2007/03/21: SecurityOpus 2007, San Francisco, United States.
Wi-Fi security myths busting.
2006/10/19-2006/10/21: Hack.lu 2006, Luxembourg.
Wi-Fi security, with Phillippe Tewen.
Lightning talk son Skype based botnets.
2006/08/30-2006/08/31: Bellua Cyber Security Asia 2006, Jakarta, Indonesia.
Open Wi-Fi networks vulnerabilities.
Panel discussion (Un)ethical Hacking... where is the line?
2006/06/16-2006/06/18: Recon 2006, Montreal, Canada.
Lightning talk on Skype based botnets.
2006/05/22: JSSI 2006, Paris, France.
Panel discussion Les nouvelles technologies de l'information : y aller ou non ?
2006/02/20-2006/02/21: Eusecwest/core06, London, United Kingdom.
Lightning talk on Captive Portal bypass.
2006/02/08-2006/02/10: SecureCon 2006, Melbourne, Australia.
WiFi networks attacks based on traffic injection.
2005/11/15-2005/11/16: Pacsec/core05, Tokyo, Japan.
WiFi networks attacks based on traffic injection.
2005/10/01-2005/10/02: Ruxcon 2005, Sydney, Australia.
WiFi networks attacks based on traffic injection.
Cf. Impressions of Ruxcon 2005
Cf. Ruxcon wrap up
2005/09/01-2005/09/02: SyScAN'05, Bangkok, Thailand.
WiFi networks attacks based on wireless trafic injection.
2005/07/05-2005/07/09: LSM 2005, Dijon, France.
WiFi networks attacks based on wireless trafic injection.
2005/06/17-2005/06/19: Recon 2005, Montreal, Canada.
WiFi networks attacks based on wireless trafic injection.
Public release of Wifitap.
Cf. SANS ISC Handler Diary June 26th 2005
Cf. Report from the trenches RECON conference in Montreal
2005/06/01-2005/06/03: Symposium sur la Sécurité des Technologies de l'Information et de la Communication (SSTIC), Rennes, France.
Network traffic redirection against major Internet protocols.
Lightning talk about Wifitap, a WiFi communication tool based on traffic injection.
cf. HSC newsletter: #11, July 2005
cf. article in Réseaux et Télécom CSO: SSTIC 05, le hack noir vu par le hack blanc
2005/05/10: JSSI 2005, Paris, France.
Security risks linked to remote access and mobile computering
2005/05/04-2005/05/06: Cansecwest/core05, Vancouver, Canada.
Security risks linked to remote access and mobile computering
2005/03/21-2005/03/23: Eurosec 2005, Paris, France.
Honeynet technologies and tools for improving intrusion detection, with Philippe Biondi
2005/02/07-2005/02/09: JIA 2005, Sfax, Tunisia.
Free Software for IT security
2004/10/04-2004/10/07: Rencontres Africaines du Logiciel Libre (RALL), Ouagadougou, Burkina Faso.
Improving IT security with Free Software tools, with Frédéric Raynal, as part of ISWS summit preparation workshop
2004/06/02-2004/06/04: Symposium sur la Sécurité des Technologies de l'Information et de la Communication (SSTIC), Rennes, France.
Security risks linked to remote access and mobile computering
Cf. article in ZDNet.fr: Le gratin de la sécurité en France ausculte les risques de l'informatique mobile
Lightning talk on embedded systems usage for honeynets deployment and HoneyWRT project
2004/03/25-2004/03/27: JIA 2004, Yasmine Hammamet, Tunisia.
Entreprise Web portal deployment using GNU/Linux and Free Software
Entreprise Web portal security
2004/03/22-2004/03/24: Eurosec 2004, Paris, France.
Honeypots farms concept and implementation using GNU/Linux, with Franck Veysset
2004/02/10: OSSIR, Paris, France.
Presentation of French Honeynet Project group, members and actions, and focus on honeypots, farms with Franck Veysset
2003/11/17-2003/11/20: Colloque National sur les Logiciel Libres, Abidjan, Ivory Coast.
Free Software for entreprises and administrations IT security
TV show Challenges about Free Software
See article on LinuxFR.
2003/11/11: Install Party ENS Cachan, Cachan, France.
Linux kernel network capabilities
2003/07/09-2003/07/12: Libre Software Meeting, Metz, France.
Lightning talks session organisation for security topic
Layer 2 filtering using GNU/Linux tools (Netfilter/ebtables)
Free Software for IT security
2003/06/10-2003/06/12: Symposium sur la Sécurité des Technologies de l'Information et de la Communication (SSTIC), Rennes, France.
Personal firewalls concept, implementation and limits
Cf. article in Transfert.net: Les firewalls personnels sont loin d'être infaillibles.
2003/05/21: Challenge Securitech, Paris, France.
Local network security issues
2003/05/11: Committee on Development Information (CODI) of United Nations Economic Commission for Africa, Addis Abeba, Ethiopia.
GNU/Linux for IT security and Netfilter
2003/03/15: Journée du Logiciel Libre dans l'�?ducation et la Sécurité, Orsay, France.
Discussion around Free Software and IT security, with Philippe Biondi.
2002/11/15: Groupe FRnOG, Boulogne Billancourt.
Arp-sk tool and ARP security issues, with Frédéric Raynal.
2002/10/26-2003/10/27: Vitré On Line, Vitré, France.
Internet access security issues for end-users
2002/07/09-2002/07/13: Rencontres Mondiales du Logiciel Libre (Libre Software Meeting), Bordeaux, France.
ARP security issues: "Switched network security: a fairy tale..."
Why choose Free Software for security policy implementation ?
2002/05/14: CLUSIF (CLUb de la Sécurité des systèmes d'Information Français), Paris, France.
GNU/Linux and 2.4 kernels improvements for IT security, with Philippe Biondi.
2001/12/11: CLUSIF (CLUb de la Sécurité des systèmes d'Information Français), Paris, France.
Intrusion demonstration with bouce and priviledge escalation, with Daniel Polombo.
2001/07/04-2001/07/08: Rencontres Mondiales du Logiciel Libre (Libre Software Meeting), Bordeaux, France.
Discussion around RIF project about software and documentation mirror servers en Africa

[modifier] Misc.

Since 2001/09
French speaking newsgroup fr.comp.securite moderator. Further infos on http://fr.comp.securite.free.fr/.

Since 2001/07
RIF project member: software and documentation mirrors installation in Africa, prsented at Libre Software Meeting (Libre Software Meeting) with Laurent Oudot et Monique Michaud.

[modifier] Leasures

Iaido
Basket ball
Cinema
Cooking and wine
Traveling

Resume