Maltemo

the watchers: how openai, the US government, and persona have been secretly running an identity surveillance system since nov 2023. vmfunc.re/blog/persona researched by @vmfunc, @MDLcsgo, @DziurwaF

Hoy ! Pas de stream ce soir... MAIS ! Release d'une petite série que j'ai pris plaisir à vivre, tourner, et réaliser sur le travail fait ave d'autres nombreux bénévoles pour @hack_4_values ! On y parle de l'organisation, des enjeux, des ONG évidemment, mais aussi des bugs trouvés, de méthodologie, et de l'aspect HuMaIn ! 💌 Vos partages -très- appréciés, et je vous souhaite une -très- bonne semaine 🌻 youtube.com/playlist?list=…

@TraceLabs @_leHACK_ Will you still be there tomorrow or is this activity only available today ?

If you are attending @_leHACK_ and want to practise your OSINT with real missing persons, join us downstairs in the Le Loft Area near the War Games.

My new research Escalation of Self-XSS to XSS using modern browser capabilities. blog.slonser.info/posts/make-sel…

@noraj_rawsec @Zeecka_ "Bisous" 😂

@Zeecka_ Le nouveau CSS bientôt ⬇️ 😅

🍉 The AperiSolve website just got a fresh new look! - ⚙️ RAM doubled - ⚙️ CPU doubled - 😎 Swag doubled Got feedback? Drop a DM or open an issue: github.com/Zeecka/AperiSo… aperisolve.com

🔍 New research on a niche technique to abuse "GPP Local Users and Groups" to elevate privileges locally through sAMAccountName hijacking. This research comes with a new GPOHound update to detect this misconfiguration. 🔗 Read more: cogiceo.com/en/whitepaper_…

Documenté, Sourcé, Miniaturé, Plus qu'à... Siroter ! 🎁 Cc @Maltemo 🤝 @KharaTheOne youtube.com/live/we_T4x6WD…

Blip @Maltemo Bloup @KharaTheOne Boum 💣️ twitch.tv/thelaluka

I have just released my first tool : GPOHound 🚀 GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis. 🔗Check it out here: github.com/cogiceo/GPOHou…

I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by @garethheyes However, an important update has occurred since then, which I wrote below ->

New Active Directory Mindmap v2025.03! 🚀 📖 Readable version: orange-cyberdefense.github.io/ocd-mindmaps/i… 🔧 Now fully generated from markdown files—way easier to update and maintain! 💡 Got improvements? PRs welcome! 👉 github.com/Orange-Cyberde…

Hi it's me again, I've been calling for a while now, you need to pay your health insurance Sir... Or have some replays? 😏 La dernière Techno Watch avec @Drypaints @Maltemo et @pentest_swissky !🌿 FYI: Pas de stream ce mardi 4 Fev ➡️ HTB Meetup Lyon ! Rdv au Elephant and Castle, début à 19h+ et miniconfs à ~20h ! 😘 youtube.com/watch?v=ysen7Z…

Yop ! 🌿 Reprise des veilles technos ce soir 21h ! 🌖 En compagnie de @Drypaints @Maltemo @pentest_swissky 😎 ~ See you there ~ twitch.tv/thelaluka

Just discovered this nice resource about DOM Clobbering attacks : domclob.xyz Thank you @Soheil__K for this amazing work

@navlys__ @Haax9_ yep je m'en servais de temps en temps, il était bien utile. Après tu peux toujours le laisser en dépôt git, ça ne me pose pas de problèmes :)

@Haax9_ Oui, je cite certains de tes articles dans mes formations OSINT perso.

Yo Twitter/X, ça fait une éternité ! Faute de temps et par flemme, je n'ai pas renouvelé le domaine pour le blog et la cheatsheet. Est-ce que des gens les utilisent/lisent encore ? Comme je ne traque pas réellement les stats, aucune idée de si ça peut servir 😁 Let me know! ✌️

@TheLaluka 👉👈

@Maltemo EK

EKUwu vulnerability was just patched by Microsoft. A security update is available : msrc.microsoft.com/update-guide/v… x.com/TrustedSec/sta…

We're proud to announce LIGHTYEAR, a tool that let you dump files, blind, in PHP, based on a new algorithm. ambionics.io/blog/lightyear…

Just recieved legal policies’ update by mail. « **For the moment**, we don’t activate IA training on European countries ». FOR THE MOMENT Note that Strava already does that on your medical data and doesn’t even let you opt out. GrEaT 🥴

Not suprised, but this will happen with increasing frequency. Fortunately, Europe, UK and Switzerland were spared. Nothing is free. x.com/TutaPrivacy/st…