Insecurity

Great competition with the amazing french team 🇫🇷, very fun experience. Congratulations to all the teams.

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

💣 Hello 💣 Rien de prévu le 1er Juiller au soir ? Cool. Maintenant oui ! 😎 RDV Mardi 1er Juillet à 21h sur twitch.tv/thelaluka ! STOP, je te connais ! Ouvre tout de suite ton gcal/outlook/kcal/any et note cette date >maintenant< avant de l'oublier ! 😂 Au programme ! - Présentation de nos invités de choix (🥰) et leurs entreprises respectives : @Synacktiv @rootme_org @SecurityElysium @OteriaCS @EsnaBretagne - Les WINS, les FAILS, et les TIPS pour se lancer 🤝 - C'est une bonne situation ca, BOSS ? (organisation, santé mentale, séparation pro/perso) - What's NEXT ?! Le futur ?! Le tout évidemment avec vos questions en bonus ! 💌 Posées le jour J dans le chat, en DM, ou mieux : ICI en commentaire/RT pour contribuer à la visibilité et réussite de cet EP ! 😏 Bises all, et merci aux braves qui lisent encore les posts jusqu'au bout en 2025 ! 🫰

I'm very happy to finally share the second part of my DOMPurify security research 🔥 This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)! Link 👇 mizu.re/post/exploring… 1/2

Another successful Bug Bounty year for 2024 💫 - Ranked 13th for the year on YWH - Superb meeting and collaboration with these beasts @_cyber_djinn @Icare1337 @jtop_fap @truffzor @Wlayzz - Crazy LHE at Louis Vuitton Thanks @yeswehack 🫶 I wish everyone a happy new year 🎉🥳

2024 incredible year! 🎉 Ended as Top 9 All-Time Leaderboard in @yeswehack proud to be part of the legendary Hunter Squad. 🐾 Every vulnerability found is a victory shared with an extraordinary team. 🚀 Let’s crush 2025! 💥 #BugBounty #HunterSquad @Wlayzz @truffzor @jtop_fap

Proud of you, bug hunters 💜 At the start of 2024, we challenged you with a #BugBounty bucket list. Big congrats to all those who unlocked an achievement: @djamel_ghorab, ASP, @Noam_Hamnich, @lr04d91, @haktanemik, @Icare1337, @Wlayzz, @truffzor, @jtop_fap and @Nishacid 👏 As you can see though, one tricky item still remains… Can you tackle it before the year ends? 👀 Good luck, and look out for the 2025 edition on January 1st – featuring new and exclusive swag! 🎁

I've fully automated the lab used for @_leHACK_ Active Directory 2024 workshop done by @mpgn_x64 and it's available for everyone ! 🔥 Also big kudos to @M4yFly for the playbooks and NetExec dev teams for this awesome tool ! Hope you enjoy, more to come github.com/Pennyw0rth/Net…

Just got a reward for a high vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Stored (CWE-79). yeswehack.com/hunters/supr4s #YesWeRHackers Nice bounty and nice collaboration with friend @jtop_fap 🤟

Our community scores again! And this time, as a team 🤝 Kudos to @Icare1337, @Wlayzz, @truffzor & @jtop_fap for 3 collaborative reports accepted on @doctolib’s public #BugBounty program! Want swag as well? Tick one of the 5 remaining boxes 😉 #YesWeRHackers #SharingisCaring

Mid-term exams are approaching fast and those PHP web apps will not attack themselves, so let's practice the gadget chaining in Laravel with professor Matthieu Farrell: blog.quarkslab.com/php-deserializ…

I just completed the "Dojo #30 - Terminal isolation" challenge on @YesWeHack! 🚀 Can you do it?: dojo-yeswehack.com/challenge/play… #ChallengeCompleted #YesWeRHackers #YesWeHackDojo

Heya ! 🍀 As usual les replays, en compagnie de @Blaklis_, @Geluchat, & @adibousec 🌹 youtu.be/7Kx85-2RQKs youtu.be/kMp0kmk_bqs youtu.be/g_G0F6ha5Vk 1/2

Thank you @yeswehack for this swag, it's christmas in january ! Hack the planet🤟

@truffzor @yeswehack @tihmz @jtof_fap Merci les gars ! Et merci @yeswehack pour avoir choisi mon rapport !

@yeswehack @jtop_fap @tihmz GG @jtof_fap and I can say it is very well deserved knowing the quality of your reports !

✨ Christmas was saved thanks to you! We have the winners for our special Dojo Christmas challenge - SantaLock! The 3 best reports were submitted by: 🥇 @jtop_fap 🥈 @tihmz 🥉 fravoi We've also decided to randomly select 10 more reports to receive some goodies! Congrats to all! 👏 ➡ Read the full DOJO #29 writeup solution here: yeswehack.com/dojo/dojo-chal… #BugBounty #YesWeRHackers

@sachinnthakuri @Hacker0x01 jtof_fap

Just launched a new private program on @Hacker0x01 if you're interested in hacking on fresh scopes, please comment your h1 username and i will add you to the program. #BugBounty

End of this intense and exciting competition with #TeamFrance. Lots of fun and teamwork for 4th place this year. Congratulations to the top three teams, the level was incredible!

The #ambassadorworldcup finally come to an end! Congratz #teamspain for your deserved world champion title! We were fighting with the team against the #teamnepal, which was a close fight. We did our best and we don't know yet the result, but whatever, I'm super proud of the road we had with the #teamparis team! I'm also super glad to have win the "best hacker" award for the final phase, and to be the first in the leaderboard in term of bounties - super motivated for what comes next. Congratz everyone! #hackerone #togetherwehitharder

@mpgn_x64 Merci pour la qualité de ton travail et le temps passé à maintenir et faire évoluer ce projet utilisé par tous 🫡 !

Hello everyone, The last release of CME was my final one for CrackMapExec 😊 I have decided to withdraw myself from the development of the tool to focus on my family and personal projects. The official repository and the most up-to-date version of CrackMapExec can be found on GitHub at this link ▶️ github.com/Porchetta-Indu… I want to express my heartfelt gratitude for all the support I've received over the years, from the incredible pull requests and contributions to the generous sponsors. To close this chapter of my life, I will send the last 5 coins to the last contributors 🪙 I wish all the best for everyone and thank you once again. Peace ! 🪂

🚀 Smash bugs faster than ever! Our new feature lets you drag & drop or copy-paste screenshots right from your clipboard. Making your bug reporting faster and smoother! #YesWeRHackers