Effrite - CyberDjinn

@_barbhack_ @touloncongres @_Ionniz_ @yop_solo Well done, see you there !

🚀 We have a 🏆 team! Félicitations 🎉🎊 See you @_barbhack_ 2023 Le 26 août à Toulon @touloncongres GG @_Ionniz_ @yop_solo

Popular interview question: how to diagnose a mysterious process that’s taking too much CPU, memory, IO, etc? The diagram below illustrates helpful tools in a Linux system. 🔹‘vmstat’ - reports information about processes, memory, paging, block IO, traps, and CPU activity.

I found a vulnerability in #Azure allowing me to access Azure accounts of companies worth billions We all know vulnerabilities exist. This isn't an injection, XSS, or RCE. But the crazy thing about it? It took 2 hours to discover. 🤯 Here's the story of #AutoWarp👇 (1/10)

Are you available for #BlackHatEurope in London next week and eager to attend @BitK_ Arsenal session? We have 2 tickets to give away. To win one: follow us, retweet this before 05/11, 4pm CET, and cross your fingers 🤞 #YesWeRHackers #SharingIsCaring blog.yeswehack.com/events/black-h…

Apache <= 2.4.48 - Mod_Proxy SSRF (CVE-2021-40438) Nuclei Template - github.com/projectdiscove… Reference - firzen.de/building-a-poc… #apache #cve #ssrf #bugbounty #pentest #appsec

Yet another Account Takeover technique. Seperator: email=victim@mail.com,hacker@mail.com email=victim@mail.com%20hacker@mail.com email=victim@mail.com|hacker@mail.com Array: {"email":["victim@mail.com","hacker@mail.com"]} Follow for more #infosec updates and #bugbountytips

Just created a working POC for CVE-2021-40444 with folks @EG_CERT

Fiche anti #FUD par @nono2357 👍 @rlifchitz/fausses_idees_bitcoin" target="_blank" rel="nofollow noopener">hackmd.io/@rlifchitz/fau…

Nos experts #cyber @podalirius_ et @_nwodtuhs vous proposent aujourd’hui un nouvel outil #pentest qui a pour objectif d’extraire les mots de passes stockés dans les préférences de stratégie de groupe (#GPP) sous #Windows. + d’informations ⬇️ ow.ly/DzOa50EVw91

My colleague @seanyeoh wrote up his security research on H2C smuggling and the various cloud providers he successfully exploited (Cloudflare, Azure). He also released a tool called h2csmuggler! Check it out at blog.assetnote.io/2021/03/18/h2c…

First one to misspell 'Intigriti' in the comments will get blocked 👇

Grammarly disclosed a bug submitted by fransrosen: hackerone.com/reports/1082847 - Bounty: $3,000 #hackerone #bugbounty

New writeup: "We Hacked Apple for 3 Months: Here’s What We Found" Featuring... @bbuerhaus, @NahamSec, @erbbysam, and @_StaticFlow_ samcurry.net/hacking-apple

I released v0.1 of Hetty tonight! 🐣 Building an open source alternative to Burp Suite Pro. I’d love to know what features infosec peeps use the most. @InsiderPhD @AlMadjus @ngalongc @_tomsteele @TomNomNom can you recommend some maybe? github.com/dstotijn/hetty

An RCE blog is scheduled and will be published soon :P

Ciphey : Automatically decode encryptions without a key, decode encodings, and crack hashes : github.com/Ciphey/Ciphey credits @brandon_skerrit

Calling eval without "eval" or "import" amongst others: __builtins__.__dict__['\x65\x76\x61\x6C']("\x5F\x5F\x69\x6D\x70\x6F\x72\x74\x5F\x5F\x28\x22\x6F\x73\x22\x29\x2E\x73\x79\x73\x74\x65\x6D\x28\x22" + "COMMAND" + "\x22\x29")

This release also fixes a bypass if somebody does DOMPurify.sanitize(html).toLowerCase(). Check this example: jsbin.com/subocetuce/1/e… Hint: in blocKquote - K = U+212A (KELVIN SIGN) which is lowercased to ASCII "k".