agarri.fr
Web hacker 😈 Burp Suite Pro trainer 👨‍🏫 Maintainer of @mastering-burp.agarri.fr 🛠️
743 posts 4,215 followers 581 following

Tax The FRIGGIN RICH....

Quick note on giving talks. It is not enough to have great content. Expectations are low. When you start off, quickly establish some kind of bond with your audience. Once that is in place, your listeners will give your presentation a decent chance: berthub.eu/articles/pos...

Rubio publicly criticizing an ally for cracking down on right-wing extremism. And Germany hitting back. We are in a new world

We already know that any Web server listening on the loopback interface is a security risk, because it may be accessed by a browser or its extensions. But the impact may be way bigger if this Web server is an MCP server 😱 blog.extensiontotal.com/trust-me-im-...

I don’t understand why DOGE’s access to critical data isn’t a scandal by itself 🤔 www.npr.org/2025/04/15/n...

AppSec Ezine - 585th edition pathonproject.com/zb/?44122470...

Just finished the book "THIS IS HOW THEY TELL ME THE WORLD ENDS" by @nicoleperlroth.bsky.social. A great view of the people finding, selling or using 0-day vulnerabilities. A few friends appear here and there, and that makes the book even better.

If there's one thing I've learned about covering cybersecurity over the past decade or so, it's that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.

@stokfredrik.bsky.social This one is for you!

My device is safe (as of today’s public techniques), but I should nonetheless use my USB condoms more often when traveling arstechnica.com/security/202...

AppSec Ezine Edition #584 pathonproject.com/zb/?39a1a5b0...

Romhack is coming up and the CfP is still open! Got novel research you’d love to present in front of an eager audience, with the stunning Roman landscape as your backdrop, and on the same stage where @jameskettle.com will deliver the keynote? Submit now! cfp.romhack.io/romhack-2025/

RUMOURS are TRUE 🤷‍♀️ PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈 at www.offensivecon.org BERLIN ("The 𞅀-Day Edition"). Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️

The #FCSC2025 ended yesterday, and my write-ups are now available here 👇 mizu.re/post/fcsc-2025… Btw, like every year, all the challenges have also been added to hackropole.fr! 🚩 1/2

I reached 4,200 followers on 4/20 🪴

🍊 OrangeCon 2025 is looking for volunteers! Join us Sept 1-5 in Amsterdam, and help us build the most exciting cybersecurity event in NL! Sign up now: forms.gle/cBhcu1pbQjdU... #OrangeCon2025 #Cybersecurity #Conference #CallForVolunteers

This year again, with @bi.tk, we've made the Web challenges 🚩 The CTF is solo and lasts 10 days. If you have some time, please give it a look 😁 Btw, even if you're not doing Web challenges, there are 100+ challenges in various categories, so you should find something you like!

Some details about the only on-site training session I'll be giving in 2025 - early-bird price is valid up to June 1st (10% off) 💰 - 4 seats out of 20 are already gone ⏳

AppSec Ezine - 583rd edition #AppSec #Security pathonproject.com/zb/?64c37d62...

If you like hacking XML, this article is a gold mine! 😱 It includes parser discrepancies, round-trip attacks and my favorite, namespace confusion 🤩

NEW: In an 11th hour move, CISA spokesperson says the agency extended the contract for the MITRE-backed CVE Program last night:

In case you missed today's *HUGE* news, the funding for the CVE and CWE projects is "expiring" today 😱 Yes, you read it right... www.youtube.com/watch?v=itbs...

3 milliseconds to admin — Our analyst John Ostrowski turned a DLL hijacking into a reliable local privilege escalation on Windows 11. He chained opportunistic locks and API hooking to win the race to CVE-2025-24076 & CVE-2025-24994. Read his blog post: blog.compass-security.com/2025/04/3-mi...

Le Mont Saint Michel rising from a sea of low fog… Captured Friday morning in this iconic location, which happens to be super close to my home. #photography #art #landscape

💥 Whopper scoop from @andybounds.bsky.social: Brussels is issuing burner phones & basic laptops to commissioners & senior officials travelling to the US for IMF/World Bank spring meetings next week to avoid risk of espionage — a measure traditionally reserved for China. www.ft.com/content/20d0...

Went on Wicked Words to talk all about DARK WIRE, my book on the incredible true story of the biggest sting operation ever, in which the FBI secretly ran a tech company for organized crime. Years later, still nothing has come close. podcasts.apple.com/us/podcast/j...

I will definitely not attend or speak at any US event in the coming years—not that I liked Las Vegas in the first place—and I’m wondering how common that will be. There are only a few speakers making a living out of it so I assume that CFP review boards will have noticeably less submissions? […]

From what I hear, everybody is reconsidering their stays and stop-overs in the US... From a European PoV, that means fewer people going to @blackhatevents.bsky.social or @defcon.bsky.social this summer, and more people going to @why2025.bsky.social 🏕️

We are in 2025, and both XInclude and XSLT are still useful (at least for attackers) gist.github.com/parrot409/e9...

AppSec Ezine - 582nd edition #AppSec #Security pathonproject.com/zb/?648e7fbe...

I was pretty confident in my position, but your persuasive use of all caps and excessive punctuation made me realize I was wrong all along.

I do have quite a backlog of blog posts, so let's start with this one 😎

Another undercover FBI investigation related to cryptocurrency 💰

Today’s mood…

Hackers spied on 100 US bank regulators’ e-mails for over a year 🫣 www.straitstimes.com/world/united...