#OWASP Top 10 but business logic instead of technical: owasp.org/www-project-to…

A pre-auth RCE combining 2 critical vulnerabilities on the Production Environment extension of the PHP low-code website generator ScriptCase has been found by noraj and cabir. No upstream fix yet, please apply the workaround. synacktiv.com/advisories/scr…

🔐 Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja Remsio studied the impact of its leakage on the internet during an entire year. synacktiv.com/en/publication…

The challenge has no interest in itself, it's just an excuse to test bruteforce attacks with nmap and legba rather than the classic hydra, wfuzz or burp. blog.raw.pm/en/TryHackMe-L…

Zero-click #NTLM credential leakage in explorer.exe (CVE-2025-50154) by putting a shortcut (.lnk) on a SMB share (bypass CVE-2025-24054).

Fallback procedure to install or update AUR packages when aur.archlinux.org is down gist.github.com/noraj/50a76c4d…

Drumroll, please… 🥁 We have the winners for our latest Dojo challenge! Congrats nater1ver, Ali@s and noraj: you win a swag pack! Keep an eye on your mailbox 👀 Want to win swag and program invites? Stay tuned 👉 dojo-yeswehack.com/challenge-of-t… #YesWeRHackers

Ma solution (en français) : blog.raw.pm/fr/YesWeHack-D…

Migrating LVM on LUKS system to a larger SSD blog.raw.pm/en/migrating-L…

Slides also available at: synacktiv.com/ressources%253…

In our new blogpost, noraj shows how one can abuse Unicode characters to bypass filters and abuse shell globbing, regexp, HTTP query parameters or WAFs when #MySQL strict SQL mode is off 👇 synacktiv.com/en/publication…