🚀 VIGINUM ouvre son compte #GitHub. Première publication en ligne : le rapport technique #RRN au format STIX 2 : github.com/VIGINUM-FR/Rap… #OpenCTI @Alliance4EU European External Action Service - EEAS 🇪🇺

Hi Barbhack folks! 🌻 As I failed to finish my rump in time, here are the slides ! The tool will be open-sources at some point, but hey, it's all in the slides, just a few lines of code & cool tech ! ^.^ Have a nice event & CTF ! 💕 drive.google.com/file/d/1sm7kGC…

Vous avez peut-être déjà entendu ça : "les escaliers des châteaux médiévaux sont construits en spirale vers la droite, pour compliquer la tâche d’un attaquant". C’est très joli comme explication... mais c’est faux. Un thread ⬇️! #medievaltwitter #histoire

A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it. The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:

Iconv, set the charset to RCE (part 2): Charles Fol exploits direct iconv() calls to hack the PHP engine, and its most popular webmail, @Roundcube (CVE-2024-2961). ambionics.io/blog/iconv-cve…

As promised, here's how you can attack Roundcube using CVE-2024-2961. Not to be redundant with my @offensivecon talk, I go for a data-only attack, giving more insight into the PHP engine.

Microsoft has uncovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085, being exploited by threat actors to obtain full administrative permissions on domain-joined ESXi hypervisors and encrypt critical servers in ransomware attacks. msft.it/6012lbTai

I'll be at on stage Saturday at 5:30 to talk about how PHP makes bad primitives look good! #defcon32

A critical pre-auth remote code execution vulnerability was found in Jupiter X Core <= 4.6.5 (CVE-2024-7772). Learn how to exploit it in our latest blog post! blog.lexfo.fr/jupiterx-rce-c…

New writeup from ꙅɿɘƚɔɘqꙅ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia

My #DEFCON32 talk is out. youtu.be/11Yv2Ru7gF8

Grâce à des techniques d'OSINT, nous avons identifié des similitudes frappantes entre ces sites, révélant des liens avec des acteurs communs. Découvrez comment nous avons démêlé ce réseau et les résultats surprenants de notre investigation !blog.lexfo.fr/the-business-o…

🕵️ OSINT L'équipe CTI de Lexfo a investigué des réseaux de faussaires vendant des faux documents sur le clear web. À l'aide de l'OSINT, ils ont pu identifier des similitudes entre les sites web, révélant des acteurs communs. blog.lexfo.fr/the-business-o…

Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) blog.lexfo.fr/glpi-sql-to-rc…

The business of forged documents: Investigation into a complex network blog.lexfo.fr/the-business-o…

🛡️CYBERSEC L’équipe CTI de Lexfo a réalisé une analyse de World Leaks, une plateforme d’extorsion créée par les opérateurs d’Hunters International en début d’année. L’article mentionne ses collaborations avec d’autres groupes de cybercriminels, notamment le groupe de

We produced an analysis at Lexfo on World Leaks, the extortion platform created by the operators of Hunters International and originally uncovered by Group-IB Global Group-IB Threat Intelligence. blog.lexfo.fr/world-leaks-an… We welcome your feedbacks 😉

🌍 World Leaks: an extortion platform 🚨 Our CTI team produced an analysis of World Leaks. The article covers its origins, operational challenges, and collaborations with other threat actors. blog.lexfo.fr/world-leaks-an… #ThreatIntelligence #WorldLeaks #CTI

👾🔒New Analysis: Secp0 Ransomware! 🚨 Our CTI team with our CSIRT, has analyzed the Secp0 ransomware. It operates as double-extortion ransomware, encrypting data and threatening public disclosure, targeting Linux systems. All the details in our report : blog.lexfo.fr/analysis-of-se…