Joined November 2011
Sébastien Rolland retweeted
🏴‍☠️ I can finally share a VMware 0day I discovered that led to CVE-2026-41702 (LPE as root). Funny enough, I found the bug in my hotel room after the second day of attending Csaba Fitzl (@theevilbit) & Gergely Kalman (@gergely_kalman) training at Zer0con. therealcoiffeur.com/c111000.…
Sébastien Rolland retweeted
May 3
Claude Code 4.7 is insane. i know literally NOTHING about coding. ZERO. and i just built 3 fully functioning web apps in 30 minutes. http://localhost:3000/ http://localhost:8000/ http://localhost:5000/ check it out.
My new blog post is released. It explains in detail how applications (App Registrations, Service Principals, MI) and their permissions really work, why they can introduce several subtle paths for privilege escalation, and presents my open-source tool designed to uncover them.
Do you know how Entra ID applications work? What about the security mess they can bring and what they can quietly break? New blog post on Entra ID application permissions, the audit nightmare they create, and QAZPT, our OSS tool built to make sense of it: blog.quarkslab.com/auditing-…
Sébastien Rolland retweeted
shocking photo taken seconds before tragedy
Sébastien Rolland retweeted
17 Nov 2023
Rise and shine, it's @GrehackConf time! Doors should already be open and at 9:10 we kick off with Nicolas Kovacs and Sébastien Rolland and their talk Google Apps Script: This Talk Requires Access To Your E-mails. They ain't getting mine...hopefully...
Petition from Mozilla to stop France from forcing browsers to censor websites. ☑️ foundation.mozilla.org/en/ca…

Sébastien Rolland retweeted
Currently on stage at @sth4ck , @_cryptocorn_ with her colleague @Mad5quirrel for sharing their research on firmware done for #pwn2own 🤩 #proudfather ❤️
Sébastien Rolland retweeted
Don't worry everyone, the Internet is still a safe place.
Sébastien Rolland retweeted
12 May 2023
After lunch, @_cryptocorn_ and @Mad5quirrel will present at @sth4ck their adventure at @Pwn2Own_Contest and how they tried to break randomness with statistics in less than 5 minutes #Sthack23
Sébastien Rolland retweeted
WhatsApp has been using the microphone in the background, while I was asleep and since I woke up at 6AM (and that's just a part of the timeline!) What's going on?
Community note
WhatsApp has clarified they believe it to be a bug in Android's Privacy Dashboard (twitter.com/WhatsApp/statu…
Today with @lestutosdenico we presented Google App Script and several different scenarios in order to possibly exfiltrate data from enterprises which use Google Workspace at the annual @quarkslab conference, Quarks in the Shell. Was a great day 👌
Nice competition, finished 4th out of 28 teams the first day :D
5 Apr 2023
The @EuCyberCup, the first eSport competition dedicated to ethical #hacking during the #FIC2023 (International #Cybersecurity Forum), will start in a few minutes ! Our team is setting up and preparing for these two intense days ! Stay tuned ;-)
Sébastien Rolland retweeted
31 Mar 2023
Microsoft OMI is an open source systems management framework for Linux and UNIX used on-premise and Azure. In this blog post @blindevy and @mtardy_ give a brief introduction to it and tell us how they found some bugs while fuzzing the project. #omi #Azure blog.quarkslab.com/a-gentle-…
Another great article of @cryptonitemmk on OCI image specification ;)
24 Nov 2022
Do not get stuck trying to understand container specifications! Here is a blog post by @cryptonitemmk that dissects the OCI Image Specification with practical examples and hints 😉 at why it is Not A Good Idea to leave any secrets in them blog.quarkslab.com/digging-i…
Sébastien Rolland retweeted
Lunch & very good conversation @hexacon_fr day 2 with @guedou @FilippoBiga @_bazad @Blindevy
Sébastien Rolland retweeted
14 Oct 2022
Our 2022-2023 internship season is open! Looking for a 6-month immersion in a top-notch security research environment? Searching for final answers to "pain au chocolat or chocolatine", "emacs or vi"? Check out these other important topics & apply soon blog.quarkslab.com/internshi…

Sébastien Rolland retweeted
A mobile application that sends your GPS coordinates regularly to a server owned by a government is a surveillance system. #AarogyaSetu is a surveillance system
Sébastien Rolland retweeted
1/ On April 23, I told you about StopC19, the French contact tracing application built on the quiet by Orange and Sopra Stéria. This application, which will probably never see the light of day, is not public. The world being small, I received a version of the app.
1/ Although nobody asked for anything, Stéphane Richard announced last week that he had developed a contact tracing application with five other French industrial companies. Today, no details of this app are public. They aren't giving any info? Let's go and get some!
I’m proud to announce that my first discovered vulnerability has been published under CVE-2020-11883. It affects API components of VueStorefront PWA and leads to information disclosure.