🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

It's time to present my first little blog post, on XSS WAF bypass Feel free to send me feedback (: onetest.fr/posts/xss-waf-…

We manage to finish at the second place at Insomni'hack CTF finals ! Congratz to all the players and my team mates Romaiη  Noiche La Brosse Adam Nics Vozec Mathis Hammel & mouthon ! Again thanks a lot to the SCRT crew for the challenges ! See you next year !

hi, just wrote my first post on the exploitation of a random github VM, let me know what you think :) numb3rs.re/posts/popping_…

A few weeks ago, I wanted to learn more about XS-Leaks. This ended in a vulnerability in CTFd that was exploitable with a new technique to detect status codes! The following post goes through my process of finding it and the proof of concept exploits: jorianwoltjer.com/blog/p/hacking…

Great research from scryh! I was keeping it for a CTF challenge, but it's probably too late now :p This trick is so powerful that it can be used to bypass most (if not all) server-side HTML sanitizers in the absence of a charset within the Content-Type response header 🤯

Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC. portswigger.net/research/split…

👀👉9fd0828be2a9d90e89e226f1fcd6d5d9👈

Hi Dear Infosec, @vozec1 & I are thrilled to release our new Spip Exploit Challenge, and start the school-year on an explosive note! 💣 You guessed it, we want you to find our... Unauth RCE on SPIP 4.3.1 🔥 This new challenge starts TODAY, here are the rules: - The challenge

La team CTF ACCEIS fait sa rentrée avec le #CTF Barbhack , une belle première place 🥇 pour l'équipe pioupiou complétée avec Laluka@OffenSkill (Offenskill), Kévin GERVOT (Mizu) (bsecure) et Ooggle #Barbhack24

🎉 Annonce du nouveau bureau de l'ESN'HACK 2024 ! 🎉 Nous sommes ravis de vous présenter notre nouvelle équipe pour l'année à venir. N'hestiez pas à rejoindre notre serveur discord, une annonce relative au SteakOverflow arrive très prochainement. 👀🍖 discord.com/invite/sdCBwdZ

Hello dear Hackers, 🧙‍♂️ After our 1st Spip Challenge ended, Vozec wanted to push the adventure further and found a new Post-Auth RCE ! 🎉😉 I then turned it into an Unauth-RCE 💣 We even managed to make some bucks with it 😏 Today's article is this story & write-up, enjoy! 💌

Merkle & Hellman partent en vacances🏝️🎒lequel optimise son sac à dos ? Les deux 😁Vozec te présente leur cryptosystème et te propose aussitôt de le casser💥Une attaque #ManInTheMiddle et deux attaques par réseaux euclidiens. acceis.fr/attaques-du-cr… #Cryptologie #Cybersécurité

Attacking UNIX Systems via CUPS, Part I evilsocket.net/2024/09/26/Att…

youtube.com/watch?v=fS7fNh… cc Hugow & Vozec 💌

High quality steganographers

My writeup for the KalmarCTF challenge "no sqli" is out, covering the exploitation of CVE-2024-6382, an integer overflow in the Rust's MongoDB library. A very interesting challenge, enjoy! :) worty.fr/post/writeups/…