CVE-2022-37155 RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter cve.mitre.org/cgi-bin/cvenam…

Très fier de finir à la première place avec les potes de l’ ESNA de Bretagne :) Gg a vous Atlas Hell Diner Itarow Woody SpawnZii Roadrunner, но медленнее D1n0x0r & d’autres :) Huge play aux potes de GCC-ENSIBS , on a eu chaud vous étiez bouillant :p

[THREAD] Les intimidations de 2600 après le PWNME, quelle ambiance ! 1/10

End of the CTF ! 🔥 The writeups will be available shortly: github.com/HeroCTF/HeroCT… GG to everyone and to the winners Medus'hack ! Many thanks to our sponsors 🙏 Really hope you enjoyed😄

Un immense merci à l'organisation du HeroCTF pour son infra et ses challenges d'une qualité exceptionnelle ! 👏 Bravo à tous les participants et félicitations à nos joueurs Itarow shinji Woody SpawnZii Atlas pour leur performance ! 🔥🔥

I'm a real hacker on YesWeHack ⠵

📣 Give it up to the brave survivors of Brains & Bytes 📣 #UniversityCTF23 has come to an end, and these are its champions: 🥇 @GCC_ENSIBS 🥈 ESNA de Bretagne 🥉 @Phreaks2600 Thank you, everyone, for participating in the epic #CTF, and of course, stay tuned for more to come 😉

In September, I looked into mlflow, and found several critical vulnerabilities 😁 Most of these reports are now patched and publicly available here: huntr.com/users/kevin-mi… My favorite one involves a fully controlled file write via a custom rogue FTP 👇huntr.com/bounties/029a3…

Our ninja Worty identified a remote code execution from a privileged user in Cisco Access Point WAP371. This vulnerability referenced as CVE-2024-20287 will not be patched, apply network restrictions to protect your appliances. synacktiv.com/advisories/rem…

Our ninja Worty in collaboration with SpawnZii (from Bzhunt) found 5 vulnerabilities allowing to compromise accounts and execute arbitrary commands on GestSup. Update to 3.2.45 and read the security details in the technical advisory: synacktiv.com/advisories/mul…

Thanks for the swag 🧦 ☕️ YesWeHack ⠵

I've stumbled upon another security issue with macro execution in LibreOffice! 😅

Slightly late, but I was also lucky enough to take part in HMIF YesWeHack ⠵ at Louis Vuitton A great event with great people !

Yay, I was awarded a $12,000 bounty with Chackal (Esdras DAGO) on HackerOne! hackerone.com/spawnziii #TogetherWeHitHarder

Awesome work from Aituglo ! Try hackyx.io for learning, find way to exploit vulnerabilities, read write up. It’s a real game changer and it’s free ! Send us your suggestions for data to scrape or feel free to contribute to the github repo. 😁

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ -- OS Command Injection (CWE-78). #YesWeRHackers

🎵 Please don't pwn the music 🎵 Who could say no to a party before a #LHE? Not our bug hunters! They joined our pre-hack party last Friday after an exciting 1st day at leHACK. With fresh beer, great music & amazing people, it was surely a night to remember! #HackThePlanet

Just published a quick blogpost about my failing journey trying to get a valid entry for this edition. link.medium.com/AJgtsUo2MNb I'll keep trying until I succeed! In the meantime I wish good luck to all participants and may the demo God be with you 🤘

Just got a reward for a critical vulnerability submitted on YesWeHack ⠵ -- SQL Injection (CWE-89). yeswehack.com/hunters/spawnz… #YesWeRHackers

Heyo ! 🍺 Prochain stream demain Mardi 11 Fev à 21h ! Au programme : - Intro Actus & Mini Techno-Watch - Then GestSup Pwning avec Worty & SpawnZii 🧨 See you there ! ➡️ twitch.tv/thelaluka