Zeecka 🥀

@Sim314159 413 means your picture is too big. I just tried with a new picture rn and everything works fine.

@Zeecka_ hey I always get this error when trying to upload a PNG that isn't from your examples

💻 After #OSCP & #OSWE, I spent a year on Offset Unlimited to tackle #OSEP & #OSED, earning #OSCE3. 🚀 Also completed: OSWP, OSTH, OSWA, OSIR, OSCC-SEC, OSCC-SJD, KLCP. 🙏 Big thanks to @offsectraining for the amazing trainings!

Bypassing TLS Verification on Nintendo Switch by Yannik Marchand reversing.live/sslbypass.html

@deedydas @MathisHammel

Huge computer science result: A Tsinghua professor JUST discovered the fastest shortest path algorithm for graphs in 40yrs. This improves on Turing award winner Tarjan’s O(m + nlogn) with Dijkstra’s, something every Computer Science student learns in college.

@CleasbyCode Fixed

@Zeecka_ HTTP error 500

🍉 The AperiSolve website just got a fresh new look! - ⚙️ RAM doubled - ⚙️ CPU doubled - 😎 Swag doubled Got feedback? Drop a DM or open an issue: github.com/Zeecka/AperiSo… aperisolve.com

This looks nicely written: ifixit.com/News/112008/po…

@noraj_rawsec Totalement 👀👀

@Zeecka_ Le nouveau CSS bientôt ⬇️ 😅

Bug bounties ain't just web. Throwback to when @kernelpaniek and I got RCE on Steam Client via a buffer overflow in Server Browser 🚨 Root Cause: 🎯 Wide-char conversion without boundary checks inside serverbrowser.dll leading to stack corruption Exploit: 🪲 Crafted oversized Unicode player name payload 🪲 Unicode-compatible ROP chain built from Steam.exe gadgets 🪲 Dynamic call to VirtualProtect to mark stack executable 🪲 Shellcode launches cmd.exe Impact: 💥 Remote code execution (RCE) on Windows 🤔 Partial control on Linux (2 bytes of EIP) 🤔 SIGABRT on macOS (due to canaries) Delivery: 📦 User tries to connect to a CS game via Steam client 📦 User visits malicious webpage triggering Steam protocol handler Tools: 🛠️ Python for UDP server and payload generation 🛠️ Immunity Debugger for base address retrieval 🛠️ Steam Server Query documentation for packet crafting Read the full report: hackerone.com/reports/470520

@0xacb @kernelpaniek Cc @noraj_rawsec

A North Korean operative attempted to join Kraken. We had some questions. Is that your final answer❓ Let's hear what he had to say.

Ruby Rails bump allowing duplicate keys in to_json leading to information disclosure, awesome root cause ✨

Sans infra ⚒️, pas de challenges ! Courage à nos Infra-makers pour la dernière ligne droite 💪! @adam_le_bon, @HGSlinky, Raphael (from @icodia), @_Ionniz_, @__Sp4rKy__ (from @Claranet_Fr) et @Zeecka_ !

@_zblurx @T00uF @_leHACK_ Awesome work ! This tool really needed a refactor, making PR was really difficult back in the days 🥲. GG

One year ago, @T00uF and I did a talk at @_leHACK_ about DPAPI and #DonPAPI. Well, we've completely rewritten it to add a lot of new features. DonPAPI 2.0 available now 🚀 ▶️github.com/login-securite…

I’m happy to share that after more than eight years with the team, I'm now the President of @rootme_org. Root-Me is more than just an e-learning platform to me - it's where I learned cybersecurity, met incredible people, and even got my first job in the field of reverse engineering. It's a part of my daily life, my resume, and my social network. Over the years, I've witnessed countless individuals significantly boost their cybersecurity skills and secure jobs through Root-Me. I'm immensely proud of what we've built together. Our former president, g0uZ, who did more to Root-Me than anyone else, will remain a permanent member of the organisation, as a Honorary President. Thank you, everyone!

Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) ambionics.io/blog/iconv-cve…

@0xSilou It's brotli compression, also used to detect burp proxy for blue teamers 🙃 dustri.org/b/detecting-an… forum.portswigger.net/thread/brotli-…

Today I experimented a strange bug using Burp. The page was loading this content. Seems like the encoding was wrong, or something like that... I know we are monday, but still

@lildoudou_ Vive la vraie steg (But f*** guessing)*

@Zeecka_ Best stegano website 💪 (But fuck stegano)

Some stats about aperisolve.com on the last 30 days.

@Maltemo 5€ de VPS/mois et 2 domaines .fr/.com (15€/an ?). Idéalement il faudrait que je paie + pour avoir des bonnes perf' mais bon, je suis un rat 🐀.

@Zeecka_ Ça te coûte combien si ce n'est pas indiscret l'infrastructure pour maintenir AperiSolve ?