This is my personal website. For more information about me, click on the "About" link. The purpose of this website is to let people send me malware. You can choose to send me a sample anonymously or not. Please do not send me private binaries, because a submitted file could be used to write a paper or a blog entry. For privacy reasons, the submitted sample is GPG-encrypted by your browser. Furthermore, I do not keep logs such as IP address, location, etc.; I only keep the information submitted through the form. If you wish to be contacted after my analysis, put your email address in the form. Enjoy!
About me
  • Name: Paul Rascagneres
  • Age: 31 years old
  • Location: FR/LU/BE
  • Email: paul@r00ted.com
  • Email: rootbsd@r00ted.com
  • Senior Threat Researcher, Malware Analyst
  • Publications:
  • Author of the French book: "Securite informatique et Malwares - Analyse des menaces et mise en oeuvre des contre-mesures (2e edition)" (ISBN: 978-2-4090-0073-7)
  • Author of the French book: "Malwares - Identification, analyse et eradication" (ISBN: 978-2746079656)
  • Author of the article: "Rootkit analysis - Use case on HideDRV"
  • Author of the article: "IcoScript: using webmail to control malware"
  • Author of the article: "APT1 - technical backstage"
  • Author of the article: "Analysis of KimJongRAT/stealer"
  • Author of the article: "Malware analysis - Rannoh/Matsnu"
  • Author of several articles in the SEKOIA blogs
  • Author of several articles in the G DATA blog SecurityLabs (author name: PaR or Paul Rascagneres)
  • Author of several articles in the malware.lu blogs
  • Author of several articles in the French magazine MISC
  • Leader of the MISC "Malware corner"
  • Professional experiences:
  • From January 2017 to now: Senior Threat Researcher, Malware Analyst at Talos Outreach EMEA
    • Researching the latest threats, latest malware campaigns and changes in the threat environment.

  • From August 2015 to December 2016: Senior Threat Researcher, Malware Analyst and Incident Response at Sekoia's CERT
    • Malware analysis
    • Reverse engineering
    • Incident response
    • Vulnerabilities research
    • Windows internal

  • From February 2014 to August 2015: Senior Threat Researcher, Malware Analyst at G Data (antivirus company)
    • Malware analysis
    • Reverse engineering
    • Incident response
    • Vulnerabilities research

  • From 2011 to January 2014: IT Security consultant, malware analyst and incident responder at itrust consulting
    • Penetration testing
    • Creation of the first private CSIRT located in Luxembourg
    • Creation of the malware.lu project and the malwasm tool
    • Incident response and forensic analysis (post-mortem analysis, malware analysis, reverse engineering)
    • Vulnerability research, exploit writing and contributions to Metasploit
    • European projects (FP7, ITEA)
    • Customers: banks, European institutions, governments, private corporations
    • Teacher since 2011 (University of Luxembourg, University of Franche-Comte)
  • Skills:
  • Malware analysis: Cuckoo Sandbox, malwasm, GMER
  • Reverse engineering: ASM x86/x64, ARM, IDA Pro, OllyDbg, WinDbg, metasm, ltrace, strace, gdb
  • Forensics: Volatility, volatilitux, The Sleuth Kit, timeline creation
  • Pentest: Burp, Metasploit, OpenVAS, Nessus, Nexpose, w3af, TamperData, nmap
  • Methodology: OWASP, ISO 27001
  • System: Linux, *BSD, AIX, Solaris, Windows, kernel development
  • Network: ipfilter, snort, packet filter, iptables, LDAP, Kerberos
  • Virtualisation: Xen, Solaris Zones, LPAR, VirtualBox, VMware, qemu
  • Development: Ruby, Perl, Python, sh, C, C++, PHP, Metasploit
  • Speaker at conferences:
  • 2017
    • 13/07/2017: Shakacon (Hawaii)
    • 22/06/2017: C-Days (Portugal)
    • 08/06/2017: CiscoSec (Slovakia)
    • 24/05/2017: Tate IS2 (Czech Republic)
    • 18/05/2017: Northsec (Canada)
    • 25/04/2017: Insomni'hack (Switzerland)
  • 2016
    • 01-02/12/2016: Botconf (France)
    • 04-05/11/2016: Hackfest (Canada)
    • 18-20/10/2016: Hack.lu (Luxembourg)
    • 13-14/07/2016: Shakacon (Hawaii)
    • 04-06/07/2016: RMLL (France)
    • 23-24/03/2016: SyScan360 (Singapore)
    • 17/01/2016: Coriin (France)
  • 2015
    • 06/11/2016: IT-Secx (Austria)
    • 29-30/10/2015: Hackito Ergo Sum (Paris)
    • 20-22/10/2015: Hack.lu (Luxembourg)
    • 15-18/06/2015: REcon (Canada)
    • 01-05/06/2015: AusCERT2015 (Australia)
    • 21-25/05/2015: NSEC (Canada)
    • 19/01/2015: Coriin (France)
  • 2014
    • 03-05/12/2014: Botconf (France)
    • 21-24/10/2014: Hack.lu (Luxembourg)
    • 19-22/08/2014: Hitcon (Taiwan)
    • 01/08/2014: Spring 9 (Germany)
    • 03-04/06/2014: NCSC (Netherlands)
  • 2013
    • 05-06/12/2013: Botconf (France)
    • 15/11/2013: Grehack (France)
    • 24-25/10/2013: Ruxcon/Breakpoint (Australia)
    • 22-24/10/2013: Hack.lu (Luxembourg)
    • 19-20/07/2013: Hitcon (Taiwan)
    • 06-11/07/2013: RMLL (Belgium)
    • 25-28/06/2013: Shakacon (Hawaii)
    • 22-23/06/2013: NDH2k13 (France)
    • 13-14/06/2013: CISO Europa (Netherlands)
    • 02-04/05/2013: Hackito Ergo Sum (France)
    • 03-04/04/2013: Codegate (South Korea)
    • 22-23/03/2013: Insomnihack (Switzerland)
    • 13-15/02/2013: BugCon (Mexico)
  • 2012
    • 25-31/12/2012: CCC (Germany)
    • 23-24/11/2012: Malcon (India)
    • 17-19/10/2012: Hack.lu (Luxembourg)
    • 09-10/07/2012: RMLL (Switzerland)
    • 23-24/06/2012: NDH2k12 (France)
    • 02-03/03/2012: Insomnihack (France)
  • Conference topics: malware analysis, rootkit analysis, protection against buffer overflows (SSP, ASLR, GAP, NO-EXEC stack), workshops on Metasploit or reverse engineering, etc.
  • Languages:
  • French: native language
  • English: able to work and give conference talks
  • German: in progress
GPG key: