📣 It’s a wrap for #HMIF, the first live #BugBounty dedicated to French scale-ups and unicorns! Congrats to all hunters for reporting 109 bugs and special kudos to smaury, AMEL Bigouden, myst404, Linus Särud, クロマタエ, Blaklis, Nicolas Verdier, Brumens, Hansluz 👏🏼 #YesWeRHackers

let's listen to CVE-2022-38392 guys 🎶

Just published a writeup containing 10 CVEs for Tenda's W15Ev2 AC1200 SOHO router. If you like bug-bounty blogs with meat on the bone you'll enjoy the read ❤️ boschko.ca/tenda_ac1200_r…

I'm working on a nextgen pupy version ! stay tuned

#CVE-2022-23529 ... wtf ? with an article from palo alto #unit42 :') there is still plenty of 0days like that to report look

The time is finally here….👀 🥁 Drumroll, please 🥁 Join us in celebrating the Elite Eight teams moving on to Round 3 of the #AmbasssorWorldCup! The next round kicks off in just three short weeks. Which team will you be cheering on?

Turns out you don't need semi-colons to batch queries in MSSQL! SELECT * FROM test WHERE id = 1 WAITFOR DELAY '0:0:5' Great writeup by GoSecure, we'll update the Web Security Academy SQLi cheat sheet shortly. gosecure.net/blog/2023/06/2…

Special shout-out to the #TeamParis members! Elweth Icare Nicolas Verdier truff @yanzax @NeolexSecurity @Louzogh @Aituglo abc Lilian Fellice Supr4s Liodeus Lucien Doustaly « Wlayzz » Nicknam3 szd Insecurity クロマタエ Geluchat SakiiR adibou BZHash

The results are in! 📊 The four teams moving on to Round 4 of the #AmbassadorWorldCup are #TeamParis🇫🇷, #TeamIsrael 🇮🇱, #TeamNepal🇳🇵, and #TeamSpain!🇪🇸 Congratulations to all AWC teams for the incredible teamwork and effort put into protecting our AWC partners. 🙌

French Team 🇫🇷 HackerOne

The #ambassadorworldcup finally come to an end! Congratz #teamspain for your deserved world champion title! We were fighting with the team against the #teamnepal, which was a close fight. We did our best and we don't know yet the result, but whatever, I'm super proud of the road

just came back home from HackerOne #ambassadorworldcup at Buenos aires ! Amazing time there ! Special thanks to all my teammates from #teamparis 🇫🇷 for all the collabs, skills and good hacking vibes. 😁🏴‍☠️. GG everyone and in particular #teamspain for the well deserved 🏆

Thanks YesWeHack ⠵ for the LHE invitation ! looking forward to meet fellow hackers, collaborate and hack on some targets !

The first round of HackerOne's #AWC just ended and the 🇫🇷 finished 1st of the qualifiers. I'm also very proud to finish 1st on the individual leaderboard for this round 🙃 GG everyone 🔥!

As it is a good moment to celebrate our success a bit : France not only finished 1st in that qualification round, they finished 1st by a massive amount of points! (668 vs 296). On a more personal note, Nicolas Verdier and I are the top 2 scorers in bounties during that round. What a

I recently found a blind FreeMarker SSTI on a bbp. It was not possible to RCE but I found some nice gadgets to enumerate accessible variables, read data blindly or perform some DoS. I documented that here if someone is interested gist.github.com/n1nj4sec/5e3ff…

I'm a hacker and AI researcher who has reported vulnerabilities to OpenAI, Google, and others. I wrote this guide as a reference of all of the ways that you can hack AI. It has saved me hours. Bookmark this if you need a reference for what all to try (AND includes mitigations).

My french team, for the world cup, and in collaboration with my wife, printed me a hoodie with a redacted payload on it. That bug was super fun, but quite hard to exploit! If encoded words, RFC2047 and so on are strange words to you, Gareth Heyes \u2028 presented at the same time their

Today was my last day as a pentester at Bsecure, and it feels a bit surreal. After a three-year journey of hunting on the side, I’m finally ready to go all-in as a full-time bug bounty hunter. To celebrate this milestone, I've written an article sharing the full story. It’s a

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4