Around a week ago, I decided to step back a bit into the shadows, and reduce drastically my presence in the bug bounty community, especially on Discord and X. That story confirmed that's definitely the good move. Those were my last tweets for a while. Starting today, I'll no

Release is out : https://t.co/uGEKxm503h This patches a pre-auth RCE and a customer ATO that I found a few days ago on Adobe Commerce and Magento. If you're using it, patch asap! This wouldn't be surprising to see TA using them in a few hours or days, at most. #magento

Exceptionnally back on X for that. If you are a Magento or Adobe Commerce user, patch as soon as possible - the patch of my bug will be released imminently. This has one of the most severe impact possible, and is easy to trigger. Expect attacks, very soon. #magento #ecommerce

Hey the community! I feel the need to react to https://t.co/8vcqTEJpTu, as it targets me specifically and is doing a clear defamation there. I guess it's useless to say that the claims of me telling that I'll block people based on the fact that they're muslim is a complete lie,

Hit some huge bounties collaborating with some of the top French bug hunters @0xLupin, Snorlhax, @Blaklis_ accross campaigns and the H1-6102 LHE. Never had so many large rewards in a small timeframe 🤯 Most fun I had in a long time !

Just finished my talk at #securityfest, you can find all the details in my latest blog post:

Yay, we were awarded a $50,000 bounty on @Hacker0x01 with @DoomerOutrun and Snorlhax! https://t.co/NEdO2VCs1P #TogetherWeHitHarder #bugbounty

I've been working on something behind the scenes for the past couple of months, and I'm finally ready to share it. Disclosed. A curated newsletter about the bug bounty world. https://t.co/5RDRrVMzVf Over the last four weeks, I've been quietly publishing weekly issues and

Another good one! :) Yay, I was awarded a $8,333 bounty on @Hacker0x01, on a $25,000 bounty in collab with Snorlhax & @DoomerOutrun 💪! https://t.co/NEdO2VCs1P #bugbounty #TogetherWeHitHarder

Built some automation and a directory for aggregating bug bounty profiles. Adding your profile isn't open to the public yet but let me know what you think. https://t.co/vxiAgjwlIF #bugbounty

In a few days, I was awarded $20'000 in bounties on @Hacker0x01, and a nice CFH 10'000 (~$12'000) bounty on @swisscom_csirt ! Nice way to slowly get back at it hehe :) #TogetherWeHitHarder #bugbounty #SwisscomBugBounty

The last bits of it took me a bit of time, as I took some very long holidays, but I'm now part of the 10k rep club 👀 #BugBounty

My french team, for the world cup, and in collaboration with my wife, printed me a hoodie with a redacted payload on it. That bug was super fun, but quite hard to exploit! If encoded words, RFC2047 and so on are strange words to you, @garethheyes presented at the same time their

... and we dropped 2 new vulnerabilities, bypassing the emergency patch. Might have been a threat actor dream I guess :p #BugBounty

Because $z->xinclude(false) doesn't prevent XInclude directives to be parsed - it actively evaluates xinclude directives :p. A few at-first-sight useless bugs that chained well to get something critical! @swisscom_csirt even added a bonus for it, for the exploit coolness! Have a

Oops, everyone is admin! #bugbounty

Or maybe this one was the easiest? :p #bugbounty

Probably one of the easiest bugs in my career :) #BugBounty

Daniel Le Gall (@Blaklis_) shares a ride through real-world bug bounty wins — from SMS token leaks and XPath exfiltration to MIME header RCEs and logic flaws that pay on coffee breaks. $2M+ earned, 15+ years of hacking. Full talk → https://t.co/0v9Jwy2PPn #BugBounty #DEFCON