Sébastien MARCHAL

@FlixBus_FR Vos agents de support qui mentent ouvertement pour ne pas rembourser des clients on en parle ? Vous allez faire quelque chose pour mon remboursement ?

7 awesome @Burp_Suite Extensions that will help you identify more vulnerabilities 🧵👇

So many beginners ask what to do after finding subdomains 🧵 1. Do directory search 2. Do Github dork 3. Do google dork 4. FUZZ for params 5. FUZZ for vhosts 6. Find Wayback data (gau, waybackurl) 7. Find javascript files 1/n

@Jhaddix Not tech but so zen : youtube.com/c/lockpickingl…

For some reason... Linus Tech Tips calms me down. Tech review and research are therapeutic to me for some reason. Any other good/similar channels like that you all watch?

Another long (hacker) story thread 🧵 = Stealing checks worth millions & pwning a bank = Here’s how I did it, so you can learn. I was once contracted to do a penetration test on a bank… Like, retweet, and follow for more hacker stories! (1/x)

@gf_256 @_nightmared @0b11stan hehe

Me normally: ASLR is a great mitigation. Me 12 hours into an exploit: I want to kill whomever invented ASLR.

Quand même drôle toutes ces personnes manifestant ce weekend contre "la surveillance généralisée"... Bizarrement, on ne les a jamais vu dans nos manifestations contre la Loi Renseignement et son extension récente, contre la surveillance de masse et contre la LOPPSI à son époque.

@_johnhammond taking on a challenge from @samykamkar and @mattaustin #HackLive kernelcon.org

@SecuriTeam_SSD Let's do this !

We are super excited to have reached 10,000 followers and to celebrate, we're giving away 10 custom SSD hoodies that will get you through winter in style! 🥳 To enter just retweet and leave a comment on this post.

@intigriti whoami

If you see a /cgi-bin directory on a webserver, don't forget to gobuster inside that directory looking for extensions like .sh, .cgi, (and even .py, .pl, or more).... you might be able to find a Shellshock vulnerability. That bug is... still around...

I mean I do like rustscan, not gonna lie. When will ALL of our daily tools be ported to rust??

Facebook officially silences the President of the United States. For better or worse, this will be remembered as a turning point in the battle for control over digital speech.

@code_byter Add a little ngrok and you have a self hosted temporary alternative to requestbin

Random useful Linux command for penetration testing: sudo python3 -m http.server 80 What are your favorite commands?

an XSS payload, Cuneiform-alphabet based 𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++], 𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀] +(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀] +𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")() #bugbounty #bugbountytips #cybersecurity

squarectf.com this year starts on 11/13/2020 17:00 EST and runs for 24 hours

With @0b11stan , we placed 72nd out of 750 teams at the SunshineCTF 2020! Our first reverse engineering oriented CTF, so proud to be in the top 100 teams ! #CTF #ReverseEngineering #assemblylanguage #infosec

Here's 7 hours of 🔥 content from #VirSecCon2020 on hacking, web, Android, iOS, recon, bug bounty, OSCP/OSCE by @stokfredrik, @TomNomNom, @ChloeMessdaghi, @B3nac, @dawnisabel, @niden, @zseano, @d0nutptr, @ethicalhacker, @uraniumhacker, and @erbbysam. 🎥youtu.be/B3Udl86Zu20