While researching old blog posts, I found this: amlw.dev/vrp/135276622/ It reminds me to start fuzzing everything, no matter how silly it seems.

Did everyone knew this but me ? GRC allows you to colorize your nginx logs, what a lifesaver when you're working on these tricky SSRFs

It popped :D Now onto the post-exp with the bros Geluchat and Nicolas Verdier 😏

bugzilla.mozilla.org/show_bug.cgi?i… This is a big change for DOM Clobberers. Firefox Nightly no longer allows native document properties to be overwritten by elements with a name attr, e.g.: <img src=a name=currentScript> <script> alert(document.currentScript)// HTMLScriptElement </script>

Does your WAF use IP restrictions, or are they more like IP recommendations? nyxgeek reveals the difference between RemoteAddr and SocketAddr, a distinction that could create a 'sleeper' rule that looks secure but is easily bypassed. trustedsec.com/blog/azures-fr…

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

I will now exclusively submit reports using video pocs in this tiktok format

I thought Golang had pretty secure defaults for parsing JSON, XML, YAML. But apparently there are some unexpected security footguns... Trail of Bits' Vasco Franco explores unexpected behaviors in Go's JSON, XML, and YAML parsers that can lead to security vulnerabilities,

Might be quite interesting for the AWS hackers out there

Got the cutest fridge magnet after the HackerOne Milan event 🥹

Vibe hacking : Besides creating complex PoCs recently with agents, I've been using NotebookLM to increase my efficiency. Pretty crazy increase in performance on my side, ranging from : - Providing perfect context to my AI agents to generate PoCs (got a couple very severe bugs

RCE is definitely one of the best feelings you can get. Fun ride with the bros Geluchat and Nicolas Verdier Still took 2 weeks of research tho (and vibe hacking that I'm guilty of...)

Ready to explore how AI is transforming Ethical Hacking? We've put together some introductory hands-on examples including: 🔍 Recon & Discovery Contextual subdomain enum, screenshot analysis, and content discovery ⚡ Exploit Development Automated vulnerability detection 🤖

Sadly, my talk on AI Hackbots was turned down at Unlock Your Brain, Harden Your System ! Where should I perform it now ? :D

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

Hack in Milan : Went on a trip, found a few crits with the boys Geluchat Nicolas Verdier :D Check out the edit below. 📣 Nujabes - Feather Really great challenge by HackerOne can't wait for the next one !

🇫🇷🎙️Nouvel épisode du podcast Hack'n Speak accompagné de doomerhunter (Victor Poucheret) 🌺 On parle de son parcours, de bug bounty, d'évènement on site et d'IA ! 🥇 Bonne écoute à toutes et à tous 🎶 creators.spotify.com/pod/profile/ha…

We won o/ with doomerhunter (Victor Poucheret) and Snorlhax! #bugbounty #lhe #hackerone

Yay, we (doomerhunter (Victor Poucheret) Snorlhax and I) were awarded a $125,000 bounty on HackerOne, for a single bug! Thanks, Epic! hackerone.com/blaklis #TogetherWeHitHarder