cousky
@cousky_
Pentest & Vuln Research @Doyensec
Joined September 2024
#Michelin CERT was credited for CVE-2025-53072 and CVE-2025-62481, two pre-auth RCEs affecting #Oracle E-Business. Both are easy to exploit. Immediate remediation is advised. #security @BleepinComputer @watchtowrcyber
Little introduction for my next talk @hack_lu: this article, co-authored with @cousky_, presents all details of the full exploit chain that impacted Palo Alto GlobalProtect:
blogit.michelin.io
Summary: This article delves into vulnerabilities in the Palo Alto GlobalProtect VPN client discovered by Michelin Red Team (Yassine Bengana and myself) and identified as CVE-2024-5921, CVE-2025-0117,...
#Michelin CERT was also acknowledged for discovering CVE-2024-38832 and CVE-2024-38833, which affect VMware Aria Operations. Additional vulnerabilities are still undergoing the disclosure process. https://t.co/zkGj9CjqTQ
#security #bugbounty @cousky_
support.broadcom.com
Hoping that we can release our own article soon, featuring our additional attack vectors and analysis, stay tuned 🤠
#Michelin CERT was acknowledged for identifying CVE-2024-5921, which impacts #PaloAlto GlobalProtect. A detailed report was sent to their PSIRT team on February 26th, demonstrating how to impersonate a legitimate portal and fully compromise a workstation. #security @cousky_
A new open-source tool from @BitK_ reveals how popular browsers parse HTML – simplifying the hunt for mutation XSS and opening up new horizons in security research 🔬 Read about this valuable addition to your 'Hacker's Toolbox' in our latest blog post 👇 https://t.co/rQyRdhseP5
yeswehack.com
Learn about Dom-Explorer, a new open-source tool for understanding how popular browsers parse HTML and uncovering mutation XSS vulnerabilities.
Hi, here's my latest article on API hooking from a red/blue team perspective. I explore driver programming to leverage kernel callbacks to inject hooks into every new process on the system. Also, you'll find a script to detect inline hooks in a DLL. https://t.co/dZNMZ3adEz
New article published showcasing a Client-Side Path Traversal bug in Grafana, leading to complete takeover in the worst-case scenario 🤠 Props to the Grafana team for the quick response!
Write-up of Grafana vulnerability (CVE-2023-5123) found by #Michelin CERT team. Client-Side Path traversal struck again! #Security #Writeup @cousky_
https://t.co/kK5DPTKDn1