truff (@truffzor) 's Twitter Profile
truff

@truffzor

ID: 45525499

08-06-2009 08:22:06

132 Tweets

263 Followers

499 Following

Edra (@0xedra) 's Twitter Profile Photo

It's time to present my first little blog post, on XSS WAF bypass. Feel free to send me feedback (: onetest.fr/posts/xss-waf-…

truff (@truffzor) 's Twitter Profile Photo

Some time ago I found another vulnerability on Adobe Commerce while hunting with the French team during HackerOne world cup. What a pleasure to hunt with one of the best hackers I know => Blaklis 🔥

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

Really proud of those bypass/mXSS variations. They involve some cool second-order DOM Clobbering and a new mutation gadget that I would like to call the elevator x) 1/2

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

DOMLogger++ v1.0.4 is now out and available in stores! It comes with new features that allow you, for example, to easily dig into DOM gadget occurrences after an innerHTML sink 🔥 More details can be found here 👇 github.com/kevin-mizu/dom… 1/3

Aituglo (@aituglo) 's Twitter Profile Photo

New update on Hackyx! You can now share with us any technical content, blog post, or writeup that you found interesting. It will then be moderated before being added to Hackyx. hackyx.io

truff (@truffzor) 's Twitter Profile Photo

A few weeks ago I found a vulnerability in Apache Allura while reading an excellent paper from Sonar Research and the according fix. CVE has been published today. allura.apache.org/posts/2024-all… #offensivesec #infosec

Thomas Rinsma (@thomasrinsma) 's Twitter Profile Photo

I'm very excited to finally share the first part of the research I did into Ghostscript. This post details the exploitation of CVE-2024-29510, a classic format string bug, which we abuse to bypass the SAFER sandbox and gain RCE. codeanlabs.com/blog/research/…

truff (@truffzor) 's Twitter Profile Photo

My team (France) finishes first at the HackerOne #AmbassadorWorldCup qualification round. What a pleasure to be part of such an engaged and skilled team!

Phrack Zine (@phrack) 's Twitter Profile Photo

The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.ht…

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

🎬 #TalkiePwnii is LIVE! Introducing our new series starring pwnii! In each video, Pwnii will break down Dojo challenges, sharing various solutions & technical tips 😎 Catch the first episode about our ‘Shell Escape’ challenge 👇 #YesWeRHackers youtube.com/watch?v=Rw3wWi…

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3

Nicolas Verdier (@n1nj4sec) 's Twitter Profile Photo

I recently found a blind FreeMarker SSTI on a bbp. It was not possible to RCE but I found some nice gadgets to enumerate accessible variables, read data blindly or perform some DoS. I documented that here if someone is interested gist.github.com/n1nj4sec/5e3ff…

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

Half of our 2025 Bucket List has already been achieved 🤯 Kudos to truff, Icare & Supr4s for the epic collab, and to Xel for the massive impact! Bug hunters, keep crushing it - swag packs are up for grabs! 🎁 #YesWeRHackers

truff (@truffzor) 's Twitter Profile Photo

Some time ago I found 2 vulns in Collabora Online that when chained allowed arbitrary file write. When digging further with my colleague Icare we found out a pre auth RCE in a largely used open source software. We'll do a write up later. CVE below: github.com/CollaboraOnlin…

truff (@truffzor) 's Twitter Profile Photo

Some time ago while hunting with Icare and looking for bugs in Ghostscript I found a vulnerability that allows local file read / write. This led to CVE-2025-46646. nvd.nist.gov/vuln/detail/CV… - #infosec #bugbounty

Blaklis (@blaklis_) 's Twitter Profile Photo

My French team, for the world cup, and in collaboration with my wife, printed me a hoodie with a redacted payload on it. That bug was super fun, but quite hard to exploit! If encoded words, RFC2047 and so on are strange words to you, Gareth Heyes presented at the same time their

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
