baddhack

Comme j'en ai marre d'être appelé pour de la publicité et que j'aime bien les RegExp : gist.github.com/noraj/46212916…

J’assume Le @BreizhCTF est pour moi le meilleur évent de cyber de France. Orga au top, animation parfaite, lieu incroyable, CTF intéressant original et bien fait, nourriture divine et ambiance folle. Merci à tous pour cette journée / nuit ✨

We're doing better than last year with a good 4th place in the @BreizhCTF ! 🔥🔥 A big thank you to the organizers, and count on us to do even better next year 👀 @Tek_7987 @Thxb35 @xanhacks @0xThaz @L0g__s

Coucou maman je passe à la télé 🥳

Je continue ma recherche en full remote (depuis Dakar mais prêt à venir en Europe qques temps si nécessaire). J'ai pas mal de ça ⬇️ dans mes retours 😐 mais je ne désespère pas 🌝 Si vous connaissez des recruteurs/entreprises qui recrutent en cyber en full remote ➡️ DM

In my job search in Dakar, I don't know what has been more challenging : navigating the local job market where my profile is absolutely not sought after, or the expat job market that is incredibly closed to outsiders. That's why I now only focus on full-remote opportunities.

… see you in 48H #CTF ….

You asked and we answered... Because of the interest in our merch, we've decided to run a giveaway! We're offering merch bundles to 10 lucky winners (items may vary to those shown). To enter: 🛡️ Follow us and @CysecCareers 🛡️ Retweet this tweet Worldwide. Closes Jan 5, 2024

Congrats everyone for this 100% French podium !! 🇫🇷🥖 We are proudly standing at the 1st place in this @hackthebox_eu CTF in front of over 900 worldwide universities ! 🏴‍☠️🥇 Thanks to everyone, GG @EsnaBretagne and @ecole2600 ! 🚀 See you next year ! 🔥 @ENSIBS

🏆 Thrilled to achieve 1st place with my team @GCC_ENSIBS at the @HackTheBox_eu University CTF 2023, alongside two other French teams, @EsnaBretagne and @Phreaks2600 🔥 ⤵️Write-Up about Race Condition, OAuth Misconfiguration, XSS & RCE via HTML2PDF xanhacks.xyz/p/phantom-feed/

I have made 2 writeups for #ECSC2023 and #DGhAck. For the 2nd one, I used github.com/naacbin/Covena… [1] Recovering PDF using DataRun of $LogFile > naacbin.gitlab.io/data-on-the-ru… [2] Decrypt empire C2 communication by extracting private key from memory > naacbin.gitlab.io/empire-c2/

[thread] Did you know that ssh tries to authenticate with stored keys BEFORE the key specified with -i in the command line ? I just noticed this, the hard way 😐. Let's imagine you have more than 5 keys loaded in your ssh agent. When authenticating to a remote server, you get:

GCC est à la finale du @CsawEurope 2023 Embedded Security Challenge - ESC ! J1 - Journée de conférence 🔥📖 @50mgDrahoxx, Rémi, Okan et Théo sont présents sur place pour représenter le club !

Une #carte intéressante a été créée pour résumer les #cyberattaques envers les organismes publics en #France, grâce au fond de carte libre #OpenStreetMap #6/47.040/7.317" target="_blank" rel="nofollow noopener">umap.openstreetmap.fr/fr/map/attaque…

The CVSS Special Interest Group is proud to announce the official release of CVSS v4.0 - first.org/cvss/. This latest version of CVSS seeks to provide all users with the highest fidelity vulnerability assessment. #FIRSTdotOrg #CVSS #BuildingTrust #PSIRT #CSIRT

haiti v2.0.0 is out! 🍾 Reached 600+ (632) hash types supported 📈 113 new hash types ☀️ New list command to list all supported hash types ☑️ Many enhancements (add JtR or HC ref/id, better description, fixes) and better detection github.com/noraj/haiti/re…

New critical vulnerability #CVE-2023-20198 affecting Cisco IOS XE devices when Web UI is enabled. ⚠ CVSS: 10 ❌ Fixes : not available Related to the attack: 5.149.249[.]74 154.53.56[.]231 Cisco provided some way to check if the system might be compromised 1/2

Inspired by @ACEResponder works on Sliver C2, I create a tool to decrypt Covenant communications : github.com/naacbin/Covena…

Bonjour à toute la commu cybersécu👋. J'essaie de récolter un max d'infos sur l'envie de chacun pendant les compétitions Capture The Flag. forms.gle/dCarNMurrquvsM… Les résultats seront partagés dans quelques semaines. Merci d'avance pour vos RT🙏 #ctf #infosec #CyberSecurity

Here is my retex on the OSCP 2023 blog.azumi.fr/posts/oscp-ret…