noraj
@noraj_rawsec
🇫🇷 Penetration test engineer. 🐧 #BlackArch Linux maintainer. 🔣 (Unicode) security researcher.
France
Joined September 2018
Tor new relay encryption scheme is starting to spread https://t.co/DGya1dTqLI
alternativeto.net
The Tor's development team has announced a major encryption update, replacing the vulnerable current “tor1” scheme with Counter Galois Onion (CGO) protocol for better security. The rollout is in...
Last Friday at @BlackAlpsConf 2025, @noraj_rawsec explored the hidden security challenges of #Unicode 🎤 With 1,000+ pages of specs, even small mistakes can become attack vectors. Dive into the details 👉 https://t.co/bjShLC2ksV
TOML, which is a real improvement on and standardization of INI, is having a hard time being adopted, so TOON, which is useless and meets no need, will, in my opinion, be forgotten very quickly.
In our new blogpost, @noraj_rawsec shows how one can abuse Unicode characters to bypass filters and abuse shell globbing, regexp, HTTP query parameters or WAFs when #MySQL strict SQL mode is off 👇 https://t.co/2Omr4hcX6Q
synacktiv.com
What could go wrong when MySQL strict SQL mode is off?
Slides also available at:
synacktiv.com
Synacktiv
Finally, @noraj_rawsec talked about Unicode-based exploitation primitives at SEC-T. He explained the core concepts of Unicode and presented several security issues that can stem from its complexity. 🤯 The recording is available here: https://t.co/j11yxkQFfc.
My solution (in French):
blog.raw.pm
Write-up# Write-up for Dojo challenge #44 - Hardware Monitor, created by BrumensYWH. The official solution published by YesWeHack can be found here. Below you will find my solution, which was re
Our latest Dojo challenge, Hardware Monitor, has come to an end! ✅ We know this one gave many of you a hard time… so why not dive into the solution? You can now check out the best write-up and see how it was cracked 👉 https://t.co/gN2b58tORp
#YesWeRHackers #CTF #BugBounty
Drumroll, please… 🥁 We have the winners for our latest Dojo challenge! Congrats nater1ver, @_Ali4s_ and @noraj_rawsec: you win a swag pack! Keep an eye on your mailbox 👀 Want to win swag and program invites? Stay tuned 👉 https://t.co/UDkrRte92X
#YesWeRHackers
Fallback procedure to install or update AUR packages when https://t.co/1NMQgAviuU is down https://t.co/cWYWVIxx8Q
gist.github.com
Failback procedure to install or update AUR packages when aur.archlinux.org is down - AUR.sh
Zero-click #NTLM credential leakage in explorer.exe (CVE-2025-50154) by putting a shortcut (.lnk) on a SMB share (bypass CVE-2025-24054).
You didn’t click, but your password challenge is leaked. I’m excited to share my latest research: CVE-2025-50154, a high severity NTLM hash disclosure vulnerability in the explorer.exe process, exploitable without any user interaction. https://t.co/ssA9YdBE6J
Now that #LXQt has beta support for Wayland, I dropped X11 and the openbox window manager, and thanks to lxqt-wayland-session I switched to the kwin wayland compositor. https://t.co/5RNSqJNgFM I found labwc to have a lot of visual artifacts.
I made a new "makepkg not war" series ArchLinux #wallpaper for the #LXQt Arch Colors theme. It can be downloaded for free here:
artstation.com
makepkg not war ArchLinux wallpaper matching color of Arch Colors LXQt Theme https://lxqt-project.org/screenshots/arch-colors/
hashcat v7.0.0 released 🎉 Assimilation bridge and Python bridge sound nuts. Performance will 📈 with AMD HIP support & various improvements. Docker support is on its way. And many more:
github.com
Welcome to hashcat v7.0.0! We're proud to announce the release of hashcat v7.0.0, the result of over two years of development, hundreds of features and fixes, and a complete refactor of several...
fastfetch is here to the rescue
`neofetch` developer discontinued the project and took up farming. i think that is beautiful and i think about it all the time. #linux #opensource
The challenge has no interest in itself, it's just an excuse to test bruteforce attacks with nmap and legba rather than the classic hydra, wfuzz or burp. https://t.co/AsHJMQ7HpH
blog.raw.pm
Information Room# Name: Lesson Learned? Profile: tryhackme.com Difficulty: Easy Description: Have you learned your lesson? Write-up Overview# Install tools used in this WU on BlackArch Linux: sudo