Links to external publications / articles and talks I participated in.

As I am a native French speaker, most of the publications are in French.

BSides Las Vegas 2023 - Linux Digital Forensics: a theoretical and practical approach workshop

Subject: Workshop covering the different steps of Linux IR, from data acquisition to TTP analysis, while introducing Linux malware analysis fundamentals. The hands-on exercise consists of a triage collection and a disk image from a compromised system, inspired by several IR engagements of the CERT-W. Co-presenters: Axel Roc & Maxime Meignan.
August 2023 | BSides Las Vegas workshop abstract

FIC 2023 Hacking Lab - EDRSandBlast : un outil pour repérer et contourner les mécanismes de détection EDR

Co-presenter: Maxime Meignan.
April 2023 | FIC 2023 Hacking Lab abstract

SANS DFIR Summit 2022 - Hunting for Active Directory persistence

Subject: Brief overview of a forest recovery procedure and focus on unveiling different means of Active Directory persistence, some well-known, others less so.
Introduction of the FarsightAD toolkit and its inner mechanisms.

August 2022 | SANS DFIR Summit 2022 abstract

DEF CON 30 Demo Labs - EDR detection mechanisms and bypass techniques with EDRSandBlast

Subject: Presentation of EDR user-land and kernel-land detection mechanisms as well as demonstration of EDRSandBlast and its new features.

Co-presenter: Maxime Meignan.
August 2022 | DEF CON 30 abstract

MISC n°118 - Techniques de contournement de la supervision des EDR

Subject: Bypass of EDR supervision mechanisms using user-land techniques and a vulnerable driver (as implemented in EDRSandBlast).

Co-author: Maxime Meignan.
November 2021 | In French | Online article - MISC subscribers only

Microsoft / Wavestone white paper - Securing Active Directory and Azure AD

Subject: Active Directory and Azure AD security.

Co-authors: Alexandre Lukat, Arnaud Jumelet, Etienne Lafore, and Thibault Joubert.
October 2021 | In French / English | Online article | White paper

MISC n°116 - Tour d’horizon des mécanismes de supervision des EDR

Subject: Mechanisms that allow EDRs to supervise operations on Windows systems (userland hooking, kernel callbacks, and the ETW Threat Intelligence provider).

Co-author: Maxime Meignan.
July 2021 | In French | Online article - MISC subscribers only

MISC HS n°20 - Techniques de persistance Active Directory basées sur Kerberos

Subject: Kerberos techniques for persistence following an Active Directory domain compromise.

Co-author: François Lelièvre.
October 2019 | In French | Online article - MISC subscribers only

MISC n°103 - La face cachée des relations d’approbation

Subject: Active Directory trust relationships and their offensive implications.

May 2019 | In French | Online article - MISC subscribers only