Ryan Reeves github.com/zeze-zeze/ioct…

¡Gracias a todos los que nos acompañaron en esta edición 33 de #DEFCON! Seguiremos compartiendo y aprendiendo con la comunidad de todo el mundo, y llevando orgullosamente el nombre de México 🇲🇽 Nos vemos el próximo año 💪 #HackThePlanet

We won o/ with doomerhunter (Victor Poucheret) and Snorlhax! #bugbounty #lhe #hackerone

straight to the trash

El barrio de los matchas latte y los Santi... Hack The Box Meetups: México vuelve a #BugCON, más fresa pero con más payload.

Our Security Researcher Tomais published his first research post, reverse engineering CVE-2025-54236 (SessionReaper) - a critical unauthenticated RCE in Magento. From understanding Blaklis's original discovery, we wrote up our analysis here: slcyber.io/assetnote-secu…

It's the year 2025 and nerds are jailbreaking smart beds so they're not dependent on an internet connection, AWS, a monthly subscription, and so the bed doesn't collect your biometric data github.com/throwaway31265…

Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE - [email protected] Billy from starlabs hitcon.org/2025/slides/b7…

I ported Doom, the legendary first-person shooter, to render directly in terminals using the Kitty graphics protocol, featuring BASE64-encoded 4 KB chunks with SIMD optimization. github.com/jserv/kitty-do…

🔔 New research from Lexfo on pre- & post-authentication vulnerabilities in WSO2 products — uncovering bypasses, RCE, SSRF, CSRF, and account-takeover risks. See our detail article → blog.lexfo.fr/wso2.html #cybersecurity #infosec #offensivesecurity #pentest #WSO2

PARENTS BE VIGILANT THIS HALLOWEEN This evening, after returning from an All-American festive Halloween extravaganza, we discovered an unknown Bad Actor laced my child's food with RICHARD STALLMAN Parents, people are lacing candy, trying to Linux Black Pill kids. BE CAREFUL

Hey, it's me 🤘🏻 (French podcast, sorry)

🚨BREAKING: We uncovered LANDFALL — a commercial-grade Android spyware exploiting a now-patched Samsung zero-day (CVE-2025-21042) through weaponized DNG images sent via WhatsApp, enabling zero-click compromise of Samsung Galaxy devices. 1/ unit42.paloaltonetworks.com/landfall-is-ne…

Glad it is finally published, I had a great time working on that! Sometime Pentests can be fun. openwall.com/lists/oss-secu…

My article about the Munge Heap Buffer Overflow is available here ! blog.lexfo.fr/munge-heap-buf…

Pwning Supercomputers - A 20yo vulnerability in Munge blog.lexfo.fr/munge-heap-buf…

Congratulations to our pentester nol on placing 2nd in the Web Senior category at the #FCSC2026 qualifications, with a score of 3,616 points. This kind of result speaks for itself. Best of luck for the next rounds! 🍀 #CTF #Cybersecurity

Let's play a game - win32 types vs Polish language: LPCWSTR PSZCZYNA WCSLEN WCZESNY LPCTSTR BYDGOSZCZ WSTRZAS HGDIOBJ DOWOD HWINSTA DLUGOSC LPCSTR DWORD KAL LPWSTR SZCZECIN PCWSTR BLAD PUHALF CHUJ UHALF

Really proud to be a trainer at Hexacon !