About me
Black hat SEO is hacking
I like to read about the authors of the blogs I read so I’m going to write a bit about myself and projects I’m working on.
I’m a French security researcher also working in SEO. I’m a mix of a hacker, a coder and a psycho with serious troubles. I live in Montreal & Paris (yes it’s close). I have another blog about pentest, hacking and security.
What I really like to do is research about black hat SEO, ranking factors, spambot development, hardcore linkbuilding and captcha ownage.
A part of my job is about doing boring pentest, boring security assessment and extremely boring source code review. I have been in the hacking stuff since 2003. Hacking was my hobby until the day I discovered SEO in 2010, the day I created the website of my tiny security company.
I discovered SEO by watching this French video of Camille Roux. At that time I was a total newbie about SEO, I didn’t even know what « Page Rank » or « backlink » was.
I still can’t understand how I managed to miss SEO for soooooo long, because I saw BLACK HAT SEO so many times in <h1><u><strong> on security blogs and in conferences without trying to know more about it… Just pure awesome.
I still like to do a bit of research in hackery, but it’s nothing compared to how I love trying to solve the search engines’ enigmas.
I’m also an experienced programmer. Now my main languages are Java, PHP and C, but I’m used to coding in many other languages like Perl, Python, C++ (not going to list all of them…)
Here is a quick list of the projects I’m working on in SEO:
- I’m working on an awesome link building software handling every kind of backlink (profiles, blogs, comments, referrers, links you don’t know…)
- I’m scanning the planet for proxies and every day I get a lot more open proxies than you can find on nntimes or samair.
- I develop OCR for captcha destruction, it’s coded in C for high performance. I successfully broke popular captchas like SMF 1&2, PHPBB 3, MyBB and some other CMS but my mother doesn’t want me to tell too much about it.
It’s not a shit using tesseract or gocr or imagemagick. It’s a serious OCR using AI designed for breaking captcha. There are still captchas I can’t break like Recaptcha or the Google scraping captcha, but Indians are here for that.
- I made good stuff about botting on Twitter and other platforms.
- I worked on automatic text generation, but I met a researcher who did work a lot better than mine so I totally abandoned this project.
- And many other secret projects I can’t talk about (NDA with FBI & ANSSI).
Me and the security
My security blog is really not representative of all the stuff I’ve done in security. I was a lonely wolf in hacking: no IRC, no hackfriend, no problem. I never specialized in any field of security, I tried to play in most of them, so let’s talk about projects and works I’ve done in hacking.
- I’m a pentester so I know a lot of stuff about hacking into networks, computers and web.
- I developed a Web vulnerability scanner for a security company. That’s why I’m used to coding bots and bypassing lolspam protection, I just have the good behaviour.
- I designed a HTTP Botnet protocol with a decentralized master commander in PHP, you can pilot a lot of bots or have a single shell in ajax on the remote computer from the web server, it’s very nice.
I made bots for different OSes like Windows, Linux but also in a Mac Widget and an AWESOME Firefox extension including a shell, a proxy, UPnP and other firewall NAT mapping stuff (and yes in JavaScript). I love coding and specially malware. It’s probably the best project I did. I hope I will have the time to work again on it.
- I did a lot of vulnerability fuzzing with frameworks like Peach and Sulley. I shared some exploits on indahax and I still have 0days (like one on PHP with a local memory corruption leading to disable_functions/open_basedir bypass).
Working on buffer overflows was cool, but it takes a LOT of time, and now with x86_64 processors + ASLR + DEP + COMPILER PROTECTION it’s getting harder and harder (impossible?) to exploit. The problem is that memory corruption bug chasing is too time-consuming, I like this article about that on carnalownage, I share the same point of view.
- Coded rootkits for Windows and OpenBSD, the basics you can learn in « Subverting Windows Kernel ». It was cool, I really enjoy malware coding. I miss it.
- Played with IPS bypassing and PHP backdoors, never released so still very effective. I also have some techniques to bypass mod_security I didn’t share, yet.
- Reverse engineering and hacking computer games: That was a lot of fun too. I reversed the network protocol of popular games like the Call of Duty series to generate valid CD keys via bruteforce attack.
I also developed cheats for computer games (wallhack and aimbot), it’s a lot of reversing, seeking the good memory address doing the good stuff (shot!, graphics, …).
I’m not skilled with static binary analysis tools like IDA, I always used Immunity Debugger, it was always ok for debugging and I was used to reading x86 with it, moreover I love its Python scripting interface.
By the way, my first hacking program was a password bruteforcer for Medal of Honor. Oh and I can’t talk about cheats and game exploits without mentioning the site of Luigi Auriemma. Exploiting online games is very cool.
- And other projects I forget or don’t want to talk about.
HAVE A GOOD HACK, hope to see you in a SEO or SEC meeting

Hi,
great catch with the followme button hack, but…
Have you submitted the bug to Twitter?
Regards
It’s not a bug, it’s a feature.
Where can I find the code for Twitter follow clickjacking?