Talks

• Sylvain Pelissier, Tales of a quest for hash function vulnerabilities. Barbhack 2023
• Sylvain Pelissier and Yolan Romailler, Practical exploitation of cryptographic flaws in Windows. NorthSec 2023
• Nicolas Oberli and Sylvain Pelissier, Hardware attacks against SM4 in practice. Black Alps 2022 and Hardwear.io NL 2022
• Sylvain Pelissier and Nils Amiet, Analyse forensique de la mémoire de GnuPG. SSTIC 2022.
• Sylvain Pelissier and Nils Amiet, GPG Memory Forensics. Nullcon Berlin 2022.
• Sylvain Pelissier and Boi Sletterink, Practical bruteforce of AES-1024 military grade encryption. rC3 NOWHERE 2021 and Insomni’hack 2022
• Sylvain Pelissier, Unveiling the inner secrets of Electron applications. Black Alps 2021
• Sylvain Pelissier, In radare2 /c2 means Cryptography R2Con 2020
• Nicolas Oberli, Karim Sudki and and Sylvain Pelissier, ESIL Side-Channel simulation. R2Con 2020
• Sylvain Pelissier and Nicolas Oberli, Defeating TLS client authentication using fault attacks. Hardwear.io USA 2020
• Sylvain Pelissier, When file encryption helps password cracking. PHDaysV 2015

Conference papers

• Yolan Romailler and Sylvain Pelissier, Practical Fault Attack against the Ed25519 and EdDSA Signature Schemes. FDTC 2017
• Roman Korkikian, Sylvain Pelissier and David Naccache, Blind Fault Attack against SPN Ciphers. FDTC 2014
• Sylvain Pelissier, Prabhakar T.V., Jamadagni H.S., Venkatesha Prasad, R. and Ignas Niemegeers, Providing security in energy harvesting sensor networks. CCNC 2011
• Sylvain Pelissier, Cryptanalysis of Reduced Word Variants of Salsa. WEWORC 2009

Vulnerabilities and bugs found

• #YWH-PGM232-121: Use of weak hash algorithms.
• CVE-2022-47931: Collision in hash function of io.finnet threshlib.
• Golang #56909: Integer overflow in time/Date.
• GnuPG T5977: Smartcard PIN not cleared from memory.
• John the Ripper #5090 : 1Password Cloud Keychain plugin buffer overflow.
• Golang #51747: math/big: infinite loop in Int.ModSqrt for p = 1
• GnuPG T5597: First 8 bytes of cache item left in clear in memory after decryption.
• John the Ripper #5086: PEM ciphertext buffer overflow.
• fastecdsa #75: Elliptic curve point computation error.
• CVE-2021-36751: ENC DataVault 7.1.1W uses an inappropriate encryption algorithm.
• CVE-2021-36750: ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation.
• CVE-2014-9687: eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase.