🛠️ Summer break is over and we are back on #RomHack2024 stuff 🛠️ - 63 registered training students, a few spots available - conf sold-out but business tickets available Get your ticket for the biggest RomHack edition ever 🎟️ romhack.io/tickets/ 🎟️

Quadra_v69  Coffin  You forgot to change the color of the "severity" box in your fake screenshot - it's orange for high. Nice try tho!

For SSRF lovers (but not only them) 😍

AppSec Ezine - 551st pathonproject.com/zb/?35a7d0ccea… #AppSec #Security

You don't see why crisis simulation, training et preparation is important and can make a difference in terms of resilience of a company hit by #ransomware ? Just read what follows and picture your org in such situation 😭

Nicolas Grégoire The IP transformations in the cheat sheet were inspired by Nicolas Grégoire's talk, "Server-Side Browsing Considered Harmful," where he discussed alternate IP encoding techniques. You can experiment with different IP transformations using portswigger.net/web-security/s…

You can find all the talks announced on the agenda: hexacon.fr/conference/age… Again, a big thanks to the review committee for their contribution as well as everyone who took the time to submit a talk. 🙏

I don’t understand why some people oppose Caido Zed Attack Proxy and Burp Suite 🤷‍♂️ For years, I hoped for decent competitors. Now we have them and that’s probably a huge win for users They will inspire each others and that’s normal, even expected

Comme toujours, la presse étrangère dit les choses plus clairement que les journalistes de Cour français.

I found 14 CVEs by downloading every Wordpress plugin and scanning all of it with Semgrep - full dataset published if you want to do some sifting yourself, there's plenty of output I haven't looked at. projectblack.io/blog/cve-hunti…

🤓 Just released the full (not truncated) slides from my DEF CON presentation on the XZ backdoor! I think this is the most condensed (and digest) version of this crazy story! 🤯 Hope you'll find it useful! 👇 speakerdeck.com/fr0gger/the-xz…

In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... labs.watchtowr.com/we-spent-20-to…

We spent a lot of time creating 104 validation benchmarks that mirror typical vulnerabilities in pen tests. After great results with XBOW, we're making them public for the first time. Challenge yourself or your tools—and we’d love your feedback! xbow.com/blog/benchmark…

AppSec Ezine - 552nd pathonproject.com/zb/?ec73537f2e… #AppSec #Security

TL;DR: the Linux networking stack is impressive

The next Dutch hacker camp will be in August 2025. Join us, it will be tons of fun! ⛺️🧑‍💻🛠️🇳🇱 WHY2025Camp m.youtube.com/watch?v=__ZSNa…

Déroulez, c’est hallucinant 🤯 Une vraie parodie de justice… 🤢

TIL private browsing on iPhone and iPad defaults to tunnel your traffic through Apple relays in order to hide your IP address 🤯

Every few years, I've to remind web testers that HTTP includes a TTL-like feature 👨‍🏫 If HTTP is a your daily playground, read the RFCs 😉

If you use Burp Suite, please vote 🗳️ x.com/MasteringBurp/…