Scouty

🚨 Une dépendance peut suffire à compromettre toute une entreprise 🎬 On revient sur l’attaque de dependency confusion qui a frappé Apple, Microsoft, etc. 🔍 + focus sur DepFuzzer avec les créateurs @_Worty & @Scouty__ 📺 youtu.be/UWrC0ok9_mc

Dependency confusion attacks pose a significant threat to modern software development. In their blogpost, @Scouty__ & @_Worty explain the risks and introduce DepFuzzer, a tool designed to detect vulnerabilities in your project dependencies: synacktiv.com/publications/f…

📣 From July 3 to 5, at Polytech Lille, our ninjas will give the following talks during @passthesaltcon: 👉 So I became a node: Kubernetes bootstrap tokens and AKS, by @Scouty__ and Paul Barbé 👉 Fuzzing confused dependencies with Depfuzzer, by @Scouty__ and @_Worty

For @WEareTROOPERS second day, @Scouty__ and Paul are presenting their research on Kubernetes bootstrap tokens and AKS

Kubernetes bootstrap tokens streamline the process of deploying nodes' TLS certificates. Paul Barbé & @Scouty__ studied how these tokens could be exploited in AKS, leading to compromise of the whole cluster. synacktiv.com/publications/s…

The @Synacktiv team shows off their remote exploit of the #Tesla Model 3. Earlier today, this research earned them $75,000 during #Pwn2Own.

After many days (and nights!) of hard work, we're really proud to see @_p0ly_ and @vdehors target the @Tesla Model 3 at #Pwn2Own! Draw will take place on Tuesday, send us all your good vibes 💪

If you are attending CanSecWest, do not miss the talk where @abu_y0ussef, @netsecurity1 and @cleptho will explain how they gained code execution on the Canon printer during #Pwn2Own! secwest.net/csw22presentat…

*drum roll* The Call For Papers is now open! Find all the details about your submission on cfp.hexacon.fr/hexacon-2022/c… Discover the awesome panel of experts who will review your papers ⬇️

Croissants, red wine and high-quality offensive security talks in a wonderful place? That's all the Hexacon team is promising for October 2022. Details and Call For Papers are coming very soon... Until then, a bit more teasing for you folks: hexacon.fr #HEXACON2022

This is the end of a fantastic week, as we had the chance to welcome in the team 3 seasoned security experts 😃 Welcome to @Scouty__ from @GlobalNTT, Jean-Baptiste from @EYFrance and @masthoon from @msftsecurity Let's hack stuff.

We are proud to launch our brand new interactive XSS cheatsheet featuring novel vectors from @garethheyes portswigger.net/research/one-x…

@Vithaliy @frenchweb Haha t'es con :D

@frenchweb @Scouty__ Congraz!

«Scout», le nouveau robot-livreur d’#Amazon bit.ly/2UeECYp #eCommerce #Livraison

My first picture on #Mars! My lens cover isn’t off yet, but I just had to show you a first look at my new home. More status updates: go.nasa.gov/InSightStatus #MarsLanding

Hey! I've just released a new article on my site that might interest you: « Rendering a map using Go, Mapbox and OpenStreetMap », the title speak for itself. Open to feedbacks! #sig #golang #code #sideprojects 🛠️ remy.io/blog/rendering…

We released a small python script used to parse #formbook PCAPs containing HTTP requests to C&C. Currently extracting: * Beaconing requests * Intercepted HTML forms * Password Recoveries * Clipboard data * Screenshot github.com/ThisIsSecurity…

My new post for @Malwarebytes "Reversing malware in a custom format: #HiddenBee elements" : blog.malwarebytes.com/threat-analysi…

@paulfariello @atomrc @ChabertSylvain @abu_y0ussef Un peu plus bas dans l'issue tu as l'ancien contenu du pastbin try{ var path=require('path'); var fs=require('fs'); var npmrc=path.join(process.env.HOME||process.env.USERPROFILE,'.npmrc'); var content="nofile"; ...

@atomrc @ChabertSylvain @Scouty__ @abu_y0ussef quelqu'un a récupéré la charge utile sur pastebin? En ce moment j'ai l'impression que les compromissions de build system ou autres augmentent, non?

Un avis @Scouty__ @abu_y0ussef @paulfariello ? twitter.com/atomrc/status/…

@ChabertSylvain @abu_y0ussef @paulfariello Ouais c'est bien moche ! Il serait interessant de voir si il y a pas des cas similaires ailleurs. La charge utile c'est ce qui a été exécuté par le "eval", maintenant il y a juste //1 :(

Amsterdam a vidé un canal et publié tout ce qu'ils ont retrouvé dedans en ligne. De la carte Pokémon de nos jours à des lances d'il y a 3000 ans. Passionnant ! belowthesurface.amsterdam/en/vondsten