Nemo
@0x_Nemo
Infosec enthusiast | bug floppeur
I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3
I recently reported an RCE to Happy-DOM (a Node.js HTML parser), and it’s now fixed! The bug itself wasn't complex, but since finding an RCE in an HTML parser isn’t very common, I'm quite happy with this one :D github.com/capricorn86/ha…
[📍 CHANGE OF ADDRESS 📍] This Saturday, join us at 6 rue Maryse Bastié, in Bruz, on the Ker Lann Campus. The building is a few metres from the old one. Stay tuned, we will shortly announce the talks as well as the list of our sponsors. 👀
SAVE THE DATE: Saturday 12 October 2024 - 9:30 am to 11 pm SteakOverflow returns to Rennes with its mix of hacking, good food, and beers 🍻! Talks and rumps on the programme 🏴☠. 📍 Campus Ker Lann 📩 We are looking for speakers: esnhack.fr/call-for-papers
👀👀
Critical XSS in Roundcube webmail⚠ A victim only has to view a malicious email. As reported by @ESETresearch, APTs have exploited similar vulns in the past to steal government emails. Our announcement: sonarsource.com/blog/governmen… (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)
DOMLogger++ v1.0.5 is now out and available! It comes with new features, including the ability to remove response headers, a PwnFox integration, and much more 🔥 A new config file is also available for CSPT hunting 👀 More details can be found here 👇 github.com/kevin-mizu/dom…
Hello Cybersec community! It's time to update your SuiteCRM :D I've found 9-10 vulnerabilities, most of them Critical/High that impact all versions <7.4.14 and <8.6.1! That's at least 9 additional CVEs for my Resume 👀 github.com/salesagility/S…
Tired of writing bug bounty reports? Take a look at what @xanhacks has done, a list of report templates (EN/FR). It's a real time-saver on a daily basis 😄 gitlab.com/xanhacks/web-p…
👋 I've created my first medium/hard pwn challenge for @flag4jobs It's a whitebox HTTP server built in C. To get a shell, you'll need to find and exploit several vulnerabilities. Feel free to check it out! The first blood has not been taken yet🩸
Hackyx now has a new UI and was rewritten using NextJS. In the next version, it will be easier to add new content to be indexed, so stay tuned! ( There is also a dark mode 👀 ) hackyx.io
DOMLogger++ v1.0.4 is now out and available in stores! It comes with new features that allow you, for example, to easily dig into DOM gadget occurrences after an innerHTML sink 🔥 More details can be found here 👇 github.com/kevin-mizu/dom… 1/3
Congratulations to everyone! 💪💪💪 And the winners are: 1. @Synacktiv 2. @FlatNetworkOrg 3. @acceis
As expected, two variations of the so far known mXSS attacks have been spotted and new DOMPurify releases are ready to fix those. github.com/cure53/DOMPuri… github.com/cure53/DOMPuri… Many thanks to @kevin_mizu and @hash_kitten for spotting and reporting those 🙇
It's time to present my first little blog post, on XSS WAF bypass. Feel free to send me feedback (: onetest.fr/posts/xss-waf-…
Hello dear agents, A new recruitment phase has begun, the Agency is eager to receive your applications → strangercase.org/register Also discover the trailer for this 3rd edition on YouTube → youtu.be/j6QhuwEnoV4 See you on 4 May!
Another fantastic edition of the @FIC_eu has come to an end! Thanks to everyone who came by our booth to say hello, have a nice chat with our team and take part in our exclusive Live #BugBounty event! We really enjoyed meeting all of you 🙌 Once again, we'd like to extend our…
Very proud to have won first place! 🔥 GG to @EsnaBretagne and @phreaks2600!
#EC22024 Congratulations to all the participants of this new edition of the @EuCyberCup! And all our congratulations to the big winners: 🥇@gcc_ensibs (who also win the hardware event) 🥈 Esnarcotrafiquants @EsnaBretagne (winners of the CTF & speedrun events) 🥉Phreaks…
End of @EuCyberCup with a good 3rd place, congrats to @gcc_ensibs and @EsnaBretagne for their 1st and 2nd place 🔥
CyberTalk#13 - The Secrets of Bounty Hunters - with @Icare1337 and @_Worty This Friday 02 February from 8:30 pm until idk, we'll see, bro! ==> Live on the Twitch channel: twitch.tv/hacktback Come attend the recording of the show live and ask your questions!