https://nolanndev.fr/security/ Recent content in Sécurité & DevSecOps on nolanndev | C++ & DevSecOps Hugo fr-fr Wed, 08 Apr 2026 00:00:00 +0000 https://nolanndev.fr/security/microservices-pme/ Wed, 08 Apr 2026 00:00:00 +0000 https://nolanndev.fr/security/microservices-pme/ <h2 id="tldr">TL;DR</h2> <p>Pour sécuriser une architecture microservices en PME :</p> <ul> <li>Scanner les images avec Trivy</li> <li>Surveiller les comportements avec Falco</li> <li>Ne jamais stocker de secrets en clair</li> <li>Utiliser Vault ou Kubernetes Secrets</li> <li>Chiffrer les communications internes (TLS/mTLS)</li> <li>Intégrer la sécurité dans le pipeline CI/CD (DevSecOps)</li> </ul> <hr> <h2 id="pourquoi-cest-un-enjeu-majeur">Pourquoi c’est un enjeu majeur</h2> <p>Les PME adoptent de plus en plus les architectures microservices déployées dans des conteneurs (Docker, Kubernetes) pour gagner en agilité et en scalabilité.</p> https://nolanndev.fr/security/recovering-rsa/recovering-an-incomplete-rsa-private-key/ Thu, 24 Oct 2024 00:00:00 +0000 https://nolanndev.fr/security/recovering-rsa/recovering-an-incomplete-rsa-private-key/ <p>Welcome folks,</p> <p>This writeup is about the Midnight Sun CTF frank challenge on how to recover a full RSA private key, when half of it is erased. Thanks to <a href="https://blog.cryptohack.org/twitter-secrets">this recent cryptohack write-up</a> from which this challenge is (for me) inspired. Challenge therefore requires recovering the entire RSA key from this image:</p> <p><img src="img/rsa.png" alt="image"></p> <h4 id="get-the-part-of-the-private-key-visible">Get the part of the private key visible:</h4> <p>The first step of the challenge is to <strong>recover the visible part</strong>, to do this I quickly created a small <strong>OCR</strong> script with the <strong>pytesseract</strong> module in Python, to facilitate the recovery task.</p>