Nicolas Grégoire

Founder at AGARRI

Talk Title

Nearly generic fuzzing of XML-based formats

Abstract

This research project has two goals:  

  1. Fuzzing the exact same XSLT targets than in 2012, but with a modern toolbox
  2. Generalize the bug-finding processes and tools to any other XML-based format. In the process, a new tool exclusively designed to mutate XML documents was developed.

Speaker Bio

Nicolas Gregoire has more than 15 years of experience in penetration testing and auditing of networks and (mostly Web) applications. A few years ago, he founded Agarri, a small company where he seeks security bugs for customers and for fun. His research has been presented at numerous conferences around the world and he has been publicly thanked by numerous vendors for responsibly disclosing vulnerabilities in their products. He occasionally participates in bug bounties, and earned the highest rewards from Prezi (twice) and Yahoo. He’s also a long-time user of Burp Suite and an official PortSwigger training partner.

Copyright © 2016-17 | Nullcon India | International Security Conference | All Rights Reserved