Don't miss out on James Kettle Listen to the Whispers white paper 👀 ow.ly/l1lK50STBz8 ow.ly/XZ7o50STBz7

Wrote a blog post on abusing exclusions to evade AVs/EDR which is stealthy, effective and an often overlooked topic. medium.com/seercurity-spo…

The official PortSwigger Discord is now open! 🎉👾 Join for access to exclusive events, feature previews, research releases, and to hang out with Burp Suite developers. Join for free here: discord.com/invite/portswi…

🚨SAVE THE DATE! 🚨 The 2nd Pwn conference of the month is coming up! voydstack, Security Expert at Synacktiv and active on Root-Me, will be hosting a live session on Heap exploitation this Friday 16 August at 8pm (UTC+2). 🔥Don't miss this analysis of memory management

Google actually sponsored these courses because they want more Bug hunters to hunt for Android bugs. And my report shows that these courses can work! This sponsorship also means that you do not need a Hextree subscription to watch this content ;) hextree.io/hextree-x-goog…

Hello there La Defcon fait sa rentrée aussi ! Le prochain meetup aura donc lieu le 30/09👾 Nous recherchons un dernier talk/rump/workshop pour cette édition. Dm open 📍Boulangerie Bar - 30/09 à partir de 19h #Lille #Cyber #pentest #infosec

🌧️ On a rainy day, I dove into Pokémon Yellow glitches. Ever wondered how they work under the hood? As kids, we were already hackers manipulating bits in memory! 🔍👾 Read more in my latest blog post: swisskyrepo.github.io/Pokemon-Glitch…

During a recent engagement, Justin Bollinger discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog! hubs.la/Q02SCqpG0

Made a cheatsheet list with all my most posts that match up to Tony's list of HackTheBox machines that are helpful with various OffSec exams. Currently covers three versions of OSCP, OSEP, and OSWE. 0xdf.gitlab.io/cheatsheets/of…

Right before #Pwn2Own Ireland 2024, Baptiste M. found a vulnerability in Synology TC500 & BC500 security cameras. A blind format string exploit allowed code execution, but Synology patched it, securing the devices in time for the competition. synacktiv.com/publications/e…

A few months ago I've created a "Pefect DLL Loader". You can find some details on my article that was just published today ! The full implem can be found directly in the DEF CON workshop in my github ! Hope you will learn something in this 😊 riskinsight-wavestone.com/en/2024/10/loa…

🔥💀After 40 hours of constant reversing of weird looking c++ and no sleep, I Finally cooked the CVE-2024-47575 fortimanager unauthenticated RCE 🩸

We're proud to announce LIGHTYEAR, a tool that let you dump files, blind, in PHP, based on a new algorithm. ambionics.io/blog/lightyear…

Hello ! Rendez-vous ce lundi 25/11 pour le meetup de Novembre ! 👾 Au programme avec Lefnui : - Analyse de la bootrom iOS 📍Boulangerie Bar - 25/11 à partir de 19h (Salle du fond) #Lille #Cyber #infosec

Le prochain meetup aura lieu ce lundi 24/02👾 Au programme : - Pwn2Own Ireland : Retour d’expérience par _Flo t0 Major_Tom On recherche un 2ieme talk pour les accompagner, go dm 👀 📍Boulangerie Bar - 24/02 à partir de 19h (Salle du bas) #Cyber #infosec

GOAD Writeup - Part 14: ADCS – The Rest Exploiting ESC 5, 7, 9, 10, 11, 13, 14, and 15 in Game of Active Directory. mayfly277.github.io/posts/ADCS-par…

Video demo of bypassing Windows Defender App Control with Loki C2! Blog with details coming in 1-2 weeks. Yes -- Dylan Tran and I created an entire C2 in JavaScript and it bypasses all the things 🥷🧙‍♂️🪄

Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->

BEFORE LE HACK 2025 | PROGRAMME OFFICIEL Nous dévoilons enfin le programme de notre Before LeHack du 26 juin à l'ESGI. Osint-Fr, Hack the Box Meetup : France et les BrHackeuses vous ont concocté une soirée d'exception entre passionnés d'OSINT.

Amazing episode with PortSwigger Research's James Kettle. Back when I started the pod in 2023, I envisioned episodes just like this. High signal, technical, depthful. If you're gonna catch any episode of CTBB, this would be a good one: youtu.be/aVfhWj3z6gk