A few things I worked on in the past few years.
Unfriend your boss. Mapping organizations social networks for red team engagements.
In this paper, we explore the security implications of employees publicly exposing their employer through social media. Using the Facebook social network as a data source, we go through the steps of building a reliable scraper to generate an organization's social network. We then apply social network analysis algorithms to explore our dataset and identify high-value targets, gatekeepers, and communities, and show how to use that information against the targeted organization during red team engagements. Finally, we propose some recommendations to online social network designers, end users, and organizations.
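As an added illustration of the analysis step (this is example code written for this page, not the paper's own tooling, and the employee graph below is constructed, not scraped), the following uses two standard social network analysis measures on a small hypothetical organization: degree centrality as a proxy for high-value targets (the people most people know), and betweenness centrality (Brandes' algorithm) to surface gatekeepers, the few people through whom shortest paths between otherwise separate groups pass. Splitting the graph into communities by removing the top gatekeeper is a deliberate simplification assumed here for brevity; the paper does not specify which community detection algorithm it used.

```python
from collections import defaultdict, deque

# Constructed sample "organization graph" (hypothetical people, not real data):
# one team (alice, bob, carol, dave) that all know each other, a second team
# (frank, grace, heidi, ivan), and erin as the only person linking the two.
EDGES = [
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"),
    ("bob", "carol"), ("bob", "dave"), ("carol", "dave"),
    ("alice", "erin"), ("erin", "frank"), ("erin", "grace"),
    ("frank", "grace"), ("frank", "heidi"), ("grace", "heidi"),
    ("heidi", "ivan"),
]


def build_graph(edges):
    """Undirected adjacency sets from a list of (person, person) friendships."""
    g = defaultdict(set)
    for u, v in edges:
        g[u].add(v)
        g[v].add(u)
    return dict(g)


def degree_centrality(g):
    """Number of connections per person: a crude 'who is well known' score."""
    return {v: len(nbrs) for v, nbrs in g.items()}


def betweenness_centrality(g):
    """Brandes' algorithm for unweighted, undirected graphs.

    Returns, per node, the number of shortest paths between other node pairs
    that pass through it (each unordered pair counted once, fractional credit
    when a pair has several shortest paths).
    """
    bc = dict.fromkeys(g, 0.0)
    for s in g:
        stack, preds = [], {v: [] for v in g}
        sigma = dict.fromkeys(g, 0)   # number of shortest paths from s
        dist = dict.fromkeys(g, -1)   # BFS distance from s
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:                  # single-source shortest paths by BFS
            v = queue.popleft()
            stack.append(v)
            for w in g[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = dict.fromkeys(g, 0.0)
        while stack:                  # back-propagate dependencies
            w = stack.pop()
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1.0 + delta[w])
            if w != s:
                bc[w] += delta[w]
    # Each unordered pair was visited from both endpoints; halve for undirected graphs.
    return {v: x / 2.0 for v, x in bc.items()}


def connected_components(g, removed=()):
    """Components of the graph after deleting the nodes in `removed`."""
    seen, comps = set(removed), []
    for start in g:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        seen.add(start)
        while queue:
            v = queue.popleft()
            comp.add(v)
            for w in g[v]:
                if w not in seen:
                    seen.add(w)
                    queue.append(w)
        comps.append(frozenset(comp))
    return comps


def analyse(edges):
    """Rank high-value targets and gatekeepers, then split off communities."""
    g = build_graph(edges)
    deg = degree_centrality(g)
    bc = betweenness_centrality(g)
    hvt = max(deg, key=deg.get)            # best known person
    gatekeeper = max(bc, key=bc.get)       # most paths run through this person
    # Simplification assumed here: communities are what remains once the
    # gatekeeper is taken out of the graph.
    communities = connected_components(g, removed={gatekeeper})
    return {"high_value_target": hvt, "gatekeeper": gatekeeper,
            "degree": deg, "betweenness": bc, "communities": communities}


if __name__ == "__main__":
    result = analyse(EDGES)
    print("high-value target:", result["high_value_target"])
    print("gatekeeper:", result["gatekeeper"])
    for community in result["communities"]:
        print("community:", sorted(community))
```

Note the two rankings disagree on purpose: alice has the most connections, but erin, with only three, is the person every cross-team path depends on. For an engagement that is the profile to look for, since compromising or impersonating erin reaches both teams while drawing less attention than the boss would.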
How not to build an electronic voting system
Back in 1994, Belgium was one of the first European countries to push for the deployment of electronic voting systems. Seen at the time as a sign of Belgium stepping into the 21st century, the system stayed in use up to the latest European elections, which took place in May 2014. As the years passed, bugs were discovered, issues were raised, and public concern grew to the point where the government was obliged by law to publish the source code of those systems in 2001. We jumped on the opportunity to audit the code in June 2014, looking at the internals to see for ourselves what was really going on. By auditing the source code provided by the Ministry of Home Affairs, we found multiple vulnerabilities in the system that could easily be exploited by an attacker to tamper with the election process.