p0sql

I currently do analysis of PKU2U protocol which is used by joined clients to Azure AD during an authentification. For my part, this protocol is very interest because we can call it "The Kerberos of Web" lol.

@ThisIsJaxxou Qui est l’auteur du livre ? Y’a un lien pour achat ?

Voilà, même si je doute que tu saches lire sale pute.

bro

"You penetration test 'em so you simulate the pressure" 🗣️🔥🔥

In a few days I will be publishing a guide on how to exploit this RCE to get code execution on any control plane node from a worker node. (without the commands being logged of course). Or you could just steal all the certificates, compromise etcd, and control the cluster.

Excited to disclose my research allowing RCE in Kubernetes It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and and allows for trivial Pod breakout. Unfortunately, this will NOT be patched.

Defending my Spring Boot Java app that uses 64GB RAM to return { "status": "ok" }

Ingress NGINX is being retired in March 2026. After this date, no security patches or bugfixes will be issued. Plan your migration to Gateway API or a supported controller now. Read the retirement guide: kubernetes.io/blog/2025/11/1…

Microservices turned a 5-second monolith debug session into a 3-hour distributed tracing archaeology expedition.

Premier jour à la Poste, fait une petite mise à jour informatique et pris mon après midi

Kubernetes is retiring the NGINX Ingress Controller by March 2026. And the internet is having another meltdown. "NGINX is dead!" "Kubernetes is abandoning us!" It's the Docker panic all over again. NGINX, the web server, is completely fine. It powers half the internet and isn't going anywhere. It's the Ingress NGINX controller that is retiring. This is one specific Kubernetes project that uses NGINX under the hood to route external traffic into your cluster. Why is it happening? The Ingress NGINX project has been running on fumes with just one or two people maintaining it in their spare time. Security holes kept showing up. They tried building a replacement and begged for help. Nobody came. So instead of pretending everything’s fine while your clusters are at risk, Kubernetes is being honest and saying, “This thing can’t continue safely, please move on by March 2026.” Unfortunately, even that announcement failed to generate additional interest in helping maintain the project. What should you do? Move to Gateway API. It's more powerful, better maintained, and where the ecosystem is headed. Cloud providers are already adopting it by default. Or switch to another Ingress controller like Traefik or HAProxy. Many support both Ingress and Gateway API, giving you time to migrate properly. You have options. You have time. Don't panic. it This is progress, not the end of the world. Read the full breakdown here: @akhilesh-mishra/nginx-ingress-controller-is-retiring-and-no-nginx-isnt-dying-b67a166b36de" target="_blank" rel="nofollow noopener">medium.com/@akhilesh-mish…

First day in #Cloudflare as system engineer 😍 wish me luck

Collection of over 65 tools for blue teaming activities

Anybody can run Wireshark and see for themselves how much "Encrypted Client Hello" is supported. It'll work between your Chrome browser and Google, but it's rarely supported otherwise. I'm at a public WiFi and just went to PronHub to demonstrate this. It's TLSv1.3, which supports ECH in theory, but not practice. The website name is right there in the packets. In other news, it appears the site is block in the state of Georgia due to age verification laws. This is probably why people actually use VPN, to make it appear they live in a different state. BTW, you don't have to trust me because I'm an expert (though I am), but because I show data.

"after 11 technical interviews" "your work has been accepted into our codebase" interviews are getting out of hand

#UYBHYS [Vendredi 7/11 14h] WORKSHOP de @virtualabs : Hack d’objets connectés Bluetooth Low Energy avec le framework WHAD unlockyourbrain.bzh #UYBHYS25

Venez nombreux ! Ça va être la folie 🔥

Heeey, I got my SANS coin, thank you @SANSInstitute. Crazy design 🔥 ranges.io/profile/p0sql

Il a démissionné de Crowdstrike pour aller chez AWS. Il a encore frappé, incroyable.

———BEGIN PRIVATE KEY———

#UYBHYS [Vendredi 7/11 10h] WORKSHOP de Warren Postdam : Sécurité de la signalisation d’un cœur de réseau 5G avec py5sig unlockyourbrain.bzh/ateliers/