Philippe Arteau

We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: youtube.com/watch?v=zOPjz-…

Did you know that the CPU vuln "Zenbleed" 🩸 (CVE-2023-20593) was found through fuzzing? I was able to talk to @taviso and learned about his novel approach 🤯 it is so clever!!

🎯 "After some research; [...] we had to conclude that this was unknown to the public and that it could potentially be an unintentional bug in MSSQL." Read our latest blog ⬇ bit.ly/3PoAnJM #cybersecurity #AWS #Amazon #EthicalHacking

Achieved first blood jackpotting the ATM at @NorthSec_io #nsec2023 CTF this weekend! The most insane and thrilling hack I've pulled off at a CTF so far, it certainly caught the eyes of everyone in the room and the event organizers, describing it "straight out of a movie"!

It's now to late to register (the training session started today) but here's a funny video @h3xstream made about my training... youtube.com/watch?v=2WRSPw… Fun fact: during my first @NorthSec_io training session years ago, both @h3xstream and @el_d33 were in the room! 😓

Today, I learned that Express returns a Refer*r*er header via `req.get('referer')` code: #L77-L80" target="_blank" rel="nofollow noopener">github.com/expressjs/expr…

Here is my @ConfooCa presentation on developing your first #Chrome extension: h3xstream.github.io/confoo-first-c…

Java doesn’t stop to amaze me. CVE-2022-45146 is one of the most bizarre bugs I’ve seen lately. github.com/bcgit/bc-java/…

Had some fun with OGNL sandboxes last year. Read how I bypassed Atlassian Confluence and Struts ones in my latest blog post github.blog/2023-01-27-byp…

Chrome has removed the path property from events in version 109. We've updated our article about bypassing CSP with AngularJS to reflect this. The workaround is to use the composedPath() function. portswigger.net/research/angul…

Nominations are now open for the Top 10 web hacking techniques of 2022! You can view the current nomination list and submit your favourite new techniques here: portswigger.net/research/top-1…

Another SAML bug to wrap up the year: bugs.chromium.org/p/project-zero….

I just published Exploring the World of ESI Injection Feedbacks are appreciated , let me know if you liked it or not :) Special thanks to @nytr0gen_ link.medium.com/0WFFFk7n9vb

Are you using the browser’s autofill feature to log in? See how it can be used to steal your credentials with an XSS in this blog post by @mo_bergeron: gosecure.net/blog/2022/06/2… #GoSecureTitanLabs #browser #xss #cybersecurity

@obilodeau @NorthSec_io 📚History! So next year will be the 12th edition?

Stumbled upon my original proposal document to host a Hacker Jeopardy at HackUS 2 in 2011. Still doing it 10+ years later at @NorthSec_io!

Over a month ago Apache Struts submitted fixes for CVE-2021-31805. Not sure everyone noticed, but there were multiple RCEs fixed in this. Here was another: mc0wn.blogspot.com/2022/05/2nd-rc…

If you see two guys wearing Synacktiv t-shirts with big antennas, you should turn around with your @Tesla! 0-click RCE demonstration on a real vehicle, with CAN messages sent to switch on headlights, wipers and trunk 😎 #Pwn2Own

"Abusing HTTP hop-by-hop request headers" by @nj_dav was nominated as a top web hacking technique back in 2019, and has just blossomed into an F5 BIG-IP unauth RCE! nathandavison.com/blog/abusing-h… portswigger.net/research/top-1… github.com/horizon3ai/CVE…

Finding #Java gadgets chains has never been so easy with the help of #CodeQL. Checkout our latest article, in which @hugow_vincent demonstrates a new technique to leverage the power of CodeQL to find new gadgets: synacktiv.com/en/publication… QLinspector: github.com/synacktiv/QLin…

I wrote an article about small privacy leaks prevalent in web applications. These are not the most critical vulnerability patterns, but it was still a lot of fun to document.