raphaelthief
Hello! I'm Raphael. I was a combat team leader in the French Army for over 5 years before pursuing a management degree from a top 10 French business school. I aspire to work in the cybersecurity sector, despite having a background that is not specifically focused on cybersecurity.

I have been coding all types of malware for over 10 years for understanding purposes, since I was in high school. From this base, I became interested in everything that revolves around this subject: reverse engineering, OSINT, pentesting, red teaming, social engineering, etc. I am currently developing my knowledge in pentesting. I love coding my own pentest and OSINT tools or malware and find it incredibly satisfying.
Certifications, community and volunteer involvement


Skills and competences
- Mainly coding in .NET and Python
- Focused on wireless and web pentesting
- Exploring vulnerabilities in AI systems
- Basic skills in reverse engineering
- Applying OSINT methodologies
- Exploring CTI investigation methods
- Practicing social engineering techniques
- Building Red Team implants with Raspberry Pi
- Familiar with physical intrusion basics
- Comfortable developing all kinds of malware
Recent writings
When I have time, I enjoy writing articles on a wide range of topics, from creating new features for malware and rearming detected payloads to analyzing ways to bypass AI systems or conducting malware analysis through reverse engineering techniques accessible to beginners.
Malware and AI: Evolution of offensive capabilities and email injection via Outlook COM API
I created a functional POC of a spread feature that allows malware to propagate through artificial intelligence via Outlook's COM API. This methodology enables the generation of credible and convincing emails, thereby enhancing the offensive capabilities of malware. Check out the article in MISC140 (LES EDITIONS DIAMOND)!
AI Warfare
I managed to extract MISTRAL AI's system prompt. However, I wanted another AI (OpenAI) to go after Mistral. So I pitted the two AIs against each other by first performing a kind of mini jailbreak on ChatGPT, putting it in the role of a red team AI.
UAC & Windows Defender Bypass
Recent Projects
I spend a lot of time creating various projects that I share on my GitHub page. I really enjoy automating certain processes related to pentesting, OSINT, or CTI research. To me, using programming as a means of automation is a valuable form of learning.
SearchX
This project aims to retrieve as many digital traces as possible on a target entity. It's a kind of super compilation of all existing tools, but also includes new techniques that have never been addressed by automated OSINT tools before (e.g., Lydia).
thiefhunter
This project allows me to automate certain tests, but more importantly, to retrieve the target's application versions along with associated CVEs and exploits. Limited by WPScan tokens? Flagged due to noisy tools? These issues are no longer a concern with my tool.
UAC FUD
I had fun listing various methodologies to bypass UAC on Windows, both manually and automatically. These automations are especially useful for targeting individuals or poorly organized communities in terms of user management.
airodump-ng scanner
Problem? Solution! I was tired of not having scroll functionality in airodump-ng, so I added that feature along with other improvements through a Python project.
Web Security Research
This section highlights my personal research in web application security.

All case studies have been anonymized to respect confidentiality and legal boundaries. Some of the vulnerabilities were not officially acknowledged, patched, or responded to, either due to duplicate reports, lack of feedback, or the absence of a public vulnerability disclosure process.
XSS findings
Cross-Site Scripting (XSS) vulnerabilities are widespread. I have frequently encountered reflected and client-side XSS, where malicious payloads persist within local cookies and are later reinjected into the page without proper sanitization.

My research uncovered XSS not only through classic URL parameter injection but also via user chat interfaces, AI chatbots, and even LLM-based services.

These vulnerabilities can be exploited to steal session cookies or redirect users to malicious sites.

In certain cases, the XSS allowed persistent surveillance by injecting a JavaScript keylogger that communicated with a remote listening server.
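To illustrate the cookie-sourced client-side XSS pattern described above from the defender's side, here is an added example (not code from the author's research): a page reads a display name from a cookie and renders it. The unsafe renderer concatenates the raw cookie value into markup, so anything previously written into the cookie is re-injected on every load; the hardened renderer escapes on output. The cookie string and the `displayName` cookie are constructed for the example.

```javascript
// Added example: cookie-sourced DOM XSS and its fix.
// parseCookies splits a document.cookie-style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = decodeURIComponent(part.slice(idx + 1).trim());
    if (name) jar[name] = value;
  }
  return jar;
}

// Vulnerable: the cookie value is trusted and spliced straight into HTML.
// In a real page this string would be assigned to element.innerHTML, so any
// markup stored in the cookie is executed again on every page load.
function renderGreetingUnsafe(cookieString) {
  const name = parseCookies(cookieString).displayName || "guest";
  return `<p>Welcome back, ${name}</p>`;
}

// Escape the HTML metacharacters so the browser treats the value as text.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened: encode on output (equivalently, assign the raw value to
// element.textContent instead of building HTML).
function renderGreetingSafe(cookieString) {
  const name = parseCookies(cookieString).displayName || "guest";
  return `<p>Welcome back, ${escapeHtml(name)}</p>`;
}

// Constructed sample cookie header whose display name carries markup.
const TAINTED_COOKIE =
  "sessionid=abc123; displayName=" + encodeURIComponent("<b>Raph</b>");
```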
SQLI findings
I've had the opportunity to come across SQL injection vulnerabilities multiple times, mostly on older websites using outdated versions of PHP. When I identify an old PHP version, I tend to thoroughly test for this type of injection.

Generally, I come across error-based or time-based SQL injections during my research methodologies. Otherwise, I tend to use automated tools (well configured and mastered) to detect other SQLIs such as union-based SQL injection.
Exposed API
This is definitely one of the things I encounter most often! Exposed APIs and especially poor rate limiting on these API calls, which allow me, among other things, to enumerate the entire user database, identify admin accounts, and then carry out dictionary attacks on multiple administrator accounts. Here, in this case, I crafted my own Python code to perform this kind of task. Otherwise, I usually use ffuf to carry out this type of enumeration.
Malware Development
Being French, I am subject to applicable French laws. There is a legal gray area concerning the development of malware, but especially regarding their possession. They are considered weapons, and, like weapon possession, their possession is regulated.

I inquired with ANSSI about whether I could release some of my malware projects as open source, but I never received a response despite my follow-ups with the legal department. I believe this request is perceived as peculiar, and they probably thought I was trolling...

Anyway, I will introduce you to some of the different types of malware I have developed since my high school years, along with some of their features. Please note that most of them are outdated and would require modifications to drastically reduce their detection rates and improve their compatibility with certain targeted technologies.
Tor-based reverse shell implant
I'm not only interested in creating "classic" malware such as keyloggers, infostealers, or RATs... I'm also focused on anything that can act as a backdoor or allow remote control and surveillance.

In this case, I developed a Tor-based reverse shell that is undetected by Windows Defender. It's a persistent reverse shell that routes its traffic through Tor and can maintain a stable connection over time.

The victim doesn't need to have Tor installed; it relies on legitimate, signed tools that make the use of Tor appear legitimate.

This malware mainly targets individuals or systems without EDR solutions. I haven't had the opportunity to test it against EDRs due to limited resources...
C2 Google Calendar
I developed a custom Command and Control (C2) system as a personal project that uses Google Calendar for covert communication, allowing it to bypass detection by tools like Windows Defender. It supports multiple clients with customizable features such as a melt function and the use of LOLBAS for stealthy command execution, making it a fully functional and highly evasive RAT.