Welcome
I lead Google's anti-abuse research and invent new ways to protect our users against cyber-criminal activities and Internet threats. I recently redesigned Google's CAPTCHA to make it easier, and made Chrome safer and faster by implementing better cryptography. I was born in Paris, France, wear berets, and now live with my wife in Mountain View, California.

Featured publications

My most popular publications
captcha
Text-based CAPTCHA Strengths and Weaknesses
Based on successful attacks on 13 of the most popular captcha schemes, we show how to attack text-based captchas and provide guidelines on how to design secure ones.
@CCS, October 2011
forensic
Beyond files recovery OWADE cloud-based forensic
We present how to bypass, offline, the 4 layers of Windows encryption that protect web credentials and instant messenger credentials. We explain how to extract the sensitive data stored by the four major web browsers and the most popular instant messenger software such as Skype and Live Messenger.
@BlackHat USA, August 2011
web security
Bad Memories
We demonstrate how to steal a WiFi network WPA key and location by attacking the router web interface. Then we show how to bypass SSL warnings on Internet Explorer and Firefox to perform HTTPS cache injection attacks. Finally, we show how to perform various advanced click-jacking attacks on browsers and phones (tapjacking).
@BlackHat USA / Defcon, July 2010
video game
Kartograph
We present Kartograph, our memory analyzer designed to perform live memory attacks against various games. We demonstrate how to use Kartograph to create undetectable map-hacks against various popular RTS games such as Civ 4, Warcraft 3 and Supreme Commander 2 in a matter of minutes.
@Defcon 18, August 2010
captcha
The Failure of Noise-Based Non-Continuous Audio Captchas
We show how, using a generic approach based on advanced audio processing and machine learning algorithms, our captcha breaker "Decaptcha" is able to break all the popular audio CAPTCHA schemes, including Microsoft and Yahoo.
@S&P, May 2011
captcha
How Good are Humans at Solving CAPTCHAs A Large Scale Evaluation
We perform a mass-scale user study on how people react to the 21 most popular captcha schemes (13 image, 8 audio). This study reveals that even the most popular captcha schemes are often difficult for humans, with audio captchas being particularly problematic.
@S&P, May 2010
web security
An Analysis of Private Browsing Modes in Modern Browsers
We analyze how each of the major browsers implements the private browsing mode, show their limitations, and describe attacks against them. We also measure on which kinds of websites people use the private browsing mode.
@Usenix Security, August 2010
video game
OpenConflict Preventing Real Time Map Hacks in Online Games
We show how to perform memory-based attacks against real-time strategy games using our tool Kartograph to create map-hacks. To defend against these attacks, we develop secure protocols for distributing game state among players so that each client only has the data he is allowed to see.
@S&P, May 2011
forensic
Reversing DPAPI and Stealing Windows Secrets Offline
We show how DPAPI, the Windows API for safe data storage on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.
@BlackHat DC, February 2010
study
State of the Art Automated Black-Box Web Application Vulnerability Testing
Black-box web application vulnerability scanners are automated tools that probe web applications for security vulnerabilities. In order to assess the current state of the art, we obtained access to eight leading tools and carried out a study of: (i) the class of vulnerabilities tested by these scanners, (ii) their effectiveness against target vulnerabilities, and (iii) the relevance of the target vulnerabilities to vulnerabi
@S&P, May 2010