I'm kicking off a series of blog posts about interesting vulnerabilities I've found and responsibly disclosed over the years, starting with a complex chain of vulnerabilities leading to XSS on accounts.leagueoflegends.com back in 2016: medium.com/@bored.enginee…

{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF claroty.com/team82/researc…

Really cooool and technical content !

Got access to a #CICD environment? Check out our latest article by Théo Louis-Tisserand and Hugow to loot all the secrets that are supposed to be securely stored in pipelines and meet Nord Stream, a new tool developed to automate the extraction process! synacktiv.com/publications/c…

Prochain stream le Mercredi 8 Mars ! Avec en co-streamer un ami et collègue, YanZaX! :D Au programme sur twitch.tv/thelaluka Laluka@OffenSkill : Java Introspection with Frida on linux - Variant Vulnerability Analysis YanZaX : Caido PoC - What it's worth & RoadMap

Présents sur les deux jours de l'#EC2 2023, on remercie chaleureusement YanZaX et Laluka@OffenSkill pour leur cast du live Twitch de la compétition cette année ! 👏

Heya! Today, I'm happy to release a new article! This one is my personal revenge against Kong & Konga. They act as a shield and really blocked me on some engagements, so I hope you'll like reading this somewhat epic journey! 🥰🔥 thinkloveshare.com/hacking/kong-k… medium.com/manomano-tech/…

During HeroCTF , Kévin GERVOT (Mizu) and I made the hardest web challenges we’ve ever made, you can find the writeup here : mizu.re/post/youwatch

Anyone having some issues with the new "Organizer" tab on BurpSuite ? I can't send a request from Logger / Logger ++ directly to Organizer, I need to send to repeater first then I can send it to Organizer. Tested on MacOS, BurpSuite Pro 2023.6.2. PortSwigger

How I patch diffed CVE-2023-28121 to compromise a WooCommerce. rcesecurity.com/2023/07/patch-… #BugBounty #security

Announcing wsrepl, the WebSocket testing tool from Doyensec! This intuitive tool is super easy to use and makes automation around WebSockets simple! Check out our blog for the details and download it today! blog.doyensec.com/2023/07/18/str… #doyensec #appsec #websockets #burpsuite

#Vulhub Reproduce Metabase pre-auth RCE in 3 minutes: github.com/vulhub/vulhub/…

J'ai deux invits pour le "ciel bleu" -> DM si needed

Encore une super édition Barbhack 🏖 Une page se tourne côté CTF car le challenge Tchou-Tchou a enfin été solve après 4 ans par YanZaX 🚞

I made a very quick and dirty write-up : github.com/YanZaX/writeup… Will prob update and make it cleaner later

Interesting way to establish a C&C channel if you need a signed binary !

If you ever face a web application using only Websocket, this tool is goldmine. ⛏️

Discover my latest article on explaining and exploiting the file write vulnerability into RCE via Mobsf (CVE-2024-21633) ! 📑 Kudos to 0x33c0unt for discovering and reporting the vulnerability 🐛 qu35t.pw/posts/2024-216…

We're proud to announce LIGHTYEAR, a tool that let you dump files, blind, in PHP, based on a new algorithm. ambionics.io/blog/lightyear…

I've released my CTF bot template! :D It's not a big deal, but it comes with a heavily hardened Docker setup. The bot also sends a lot of debugging information over the TCP socket (console logs, navigation), which makes remote debugging much easier! 🔎 👉github.com/kevin-mizu/bot…