xanhacks (@xanhacks) 's Twitter Profile
xanhacks

@xanhacks

Web & Malware
- CTF with @Arn_Hack @HexagonCTF @GCC_ENSIBS
- Staff member of @HeroCTF @Flag4jobs

ID: 761269006863048704

https://www.xanhacks.xyz/ 04-08-2016 18:34:09

4.4K Tweets

1.1K Followers

618 Following

Jorian (@j0r1an) 's Twitter Profile Photo

I almost can't believe it, but I am finally releasing my Gitbook about CTF and Hacking, which is a year in the making. It contains many tricks, explanations, and resources from my experience and research. I hope it becomes a valuable resource for everyone! book.jorianwoltjer.com//

slonser (@slonser_) 's Twitter Profile Photo

Small writeup on my 0day at Casdoor (not fixed yet) Abusing open redirect via pwa protocol handlers blog.slonser.info/posts/why-prot…

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

For this challenge, it was necessary to abuse a discrepancy between the DOM and the rendered page in Firefox's cache handling 💽 👉 bugzilla.mozilla.org/show_bug.cgi?i… This allows shifting iframe rendering from one to another, leading to a sandbox bypass 🔥 👉 mizu.re/post/an-18-yea…

Eurosport France (@eurosport_fr) 's Twitter Profile Photo

WOW! 😨 The incredible fall of Charles Gamel-Seigneur 🇫🇷, who manages to recover after landing on his head! Follow the best of alpine skiing on Eurosport and Max

Worty (@_worty) 's Twitter Profile Photo

My writeup for the KalmarCTF challenge "no sqli" is out, covering the exploitation of CVE-2024-6382, an integer overflow in Rust's MongoDB library. A very interesting challenge, enjoy! :) worty.fr/post/writeups/…

Benasin (@benasin3) 's Twitter Profile Photo

🚨HTTP Request Smuggling in lua-nginx-module!🚨 This affects major proxies like Kong GW, OpenResty, Apache APISIX and many more👀 Check it out: benasin.space/2025/03/18/Ope… Big thanks to James Kettle for his awesome research and for answering all my questions! #bugbounty #bugbountytips

bearstech (@bearstech) 's Twitter Profile Photo

Docs: an open-source alternative to Notion or Outline. (P) This project is the result of a collaboration between the French (DINUM) and German (ZenDiS) governments. 👉 The project: github.com/suitenumerique… 👉 Learn more: docs.numerique.gouv.fr/login/

Worty (@_worty) 's Twitter Profile Photo

With Flat Network Society we took part in the Insomni'hack finals and we ended up in second place. The Insotransfer challenge was about an RCE on a FastAPI readonly docker instance, enjoy the read :) worty.fr/post/writeups/…

Agoratlas (@agoratlas) 's Twitter Profile Photo

A few weeks after the vast manipulation campaign around the Trump-Zelensky meeting, we look back in detail at our findings and our investigative methodology. Read it on the Agoratlas blog: agoratlas.com/blog/rencontre…

adragos (@adragos_) 's Twitter Profile Photo

I'm releasing fontleak: a new CSS injection technique to quickly exfiltrate text nodes (and yes, that includes inline scripts). Works on Chrome/Firefox and Safari*. You can use it to escalate the impact of your HTML injection payloads and to solve CTF challenges.

0xReverse (@0xreversecom) 's Twitter Profile Photo

🔥 Understanding Alcatraz ~ Obfuscator Analysis by Utku Çorbacı - Analysis of Alcatraz Passes with IDA - OEP Finder with Qiling Framework - Scripting with IDAPython 0xreverse.com/understanding-…

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

The #FCSC2025 ended yesterday, and my write-ups are now available here 👇 mizu.re/post/fcsc-2025… Btw, like every year, all the challenges have also been added to hackropole.fr! 🚩 1/2

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

I've released my CTF bot template! :D It's not a big deal, but it comes with a heavily hardened Docker setup. The bot also sends a lot of debugging information over the TCP socket (console logs, navigation), which makes remote debugging much easier! 🔎 👉github.com/kevin-mizu/bot…

0xdf (@0xdf_) 's Twitter Profile Photo

Checker from Hack The Box has some really complex exploitation steps. There's SQLI in Teampass, SSRF to file read in BookStack using a blind PHP filter oracle, and shared memory abuse. 0xdf.gitlab.io/2025/05/31/htb…

Sicarius (@els1carius) 's Twitter Profile Photo

There we go, after 3 years of work, endless nights of dev and a truckload of coffee. We are finally releasing the biggest project we've done in our entire life. I hope you will like it!

Worty (@_worty) 's Twitter Profile Photo

The part about the 0day I used on the TrackDb web challenge for the FCSC2025 has just been disclosed in the writeup, you can read it here: worty.fr/post/writeups/… Please note that this vulnerability is not patched (see the end of the writeup for explanations).