RT @Blaklis_: My french team, for the world cup, and in collaboration with my wife, printed me a hoodie with a redacted payload on it. That….

Some time ago while hunting with @Icare1337 and looking for bugs in Ghostscript I found a vulnerability that allows to local file read / write. This led to CVE-2025-46646. - #infosec #bugbounty.

Some time ago I found 2 vulns in Collabora Online that when chained allowed to arbitrary file write. When digging further with my colleague @Icare1337 we found out a pre auth RCE in a largely used open source software. We'll do a write up later. CVE below:.

RT @yeswehack: Half of our 2025 Bucket List has already been achieved 🤯. Kudos to @truffzor, @Icare1337 & @LdrTom for the epic collab, and….

RT @Icare1337: #BugBounty.

RT @n1nj4sec: I recently found a blind FreeMarker SSTI on a bbp. It was not possible to RCE but I found some nice gadgets to enumerate acce….

RT @kevin_mizu: I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜. The research article is availab….

RT @yeswehack: 🎬 #TalkiePwnii is LIVE!. Introducing our new series starring @pwnwithlove! In each video, Pwnii will break down Dojo challen….

RT @phrack: The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what….

RT @SwiftOnSecurity: One time I tried to explain Kerberos to someone. Then we both didn't understand it.

My team (France) finishes first at the @Hacker0x01 #AmbassadorWorldCup qualification round. What a pleasure to be part of such an engaged and skilled team !.

RT @thomasrinsma: I'm very excited to finally share the first part of the research I did into Ghostscript. This post details the exploitati….

A few weeks ago I found a vulnerability in Apache Allura while reading an excellent paper from @Sonar_Research and the according fix. CVE has been published today. #offensivesec #infosec.

RT @aituglo: New update on Hackyx! You can now share with us any technical content, blog post, or writeup that you found interesting. It….

RT @kevin_mizu: DOMLogger++ v1.0.4 is now out and available in stores! It comes with new features that allow you, for example, to easily di….

RT @kevin_mizu: Really proud of those bypass/mXSS variations. They involve some cool second-order DOM Clobbering and a new mutation gadget….

RT @Icare1337: #BugBounty #bugbountytips #libreoffice.

Sometime ago I found another vulnerability on Adobe Commerce while hunting with the French team during @Hacker0x01 world cup. What a pleasure to hunt with one of the best hackers I know => @Blaklis_ 🔥.

RT @0xEdra: It's time to present my first little blog post, on XSS WAF bypass . Feel free to send me feedback (:.

RT @Icare1337: Hack Me I’m Famous #2: was amazing live hacking event thank to @LouisVuitton @yeswehack #HMIF2.Big thank to my team squad o….