aroly.bsky.social
Hacker, Bug Bounty Hunter, Pentester,... From Namur, BE.

Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :) www.hacefresko.com/posts/rce-on...

Just a reminder about alternatives: european-alternatives.eu

For anyone who still doubts it, here is definitive proof that Jean Quatremer is a gentrified, barren braggart who talks nothing but rubbish, whereas some bakers, on the contrary, show real talent.

What everyone wanted to see, and what Zelenskyy was surely thinking 🥊

While classified data remained safe, the personal information of nearly half of the Belgian service's members may have been compromised, the newspaper reported. www.reuters.com/world/belgia...

Sooo... I'm also hosting a YouTube series for @wired.com now that's focused on privacy and surveillance. The first episode, which is about Tesla, just went live. www.youtube.com/watch?v=l7VH...

Well... Not exactly great news, even if it's "only" the external server.

As a fan of server side issues in webapps, and having played a bit with "HTTP request splitting" lately, I'm really a big fan of "Http Garden" ! It's so cool to be able to test things locally, and see the result of proxying weird chars in HTTP requests.

I should make a thread of all the weird things I ran into while hunting. It's not really useful, but I like these "What the hell ?!?" moments :) This one returns the page code when I do a POST on this aspx endpoint.

When you see this, but can't exploit it...

We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer. portswigger.net/research/sha...

@jameskettle.com casually dropping info on the craziest sounding AI-enabled burp extension. Can you imagine messing about with a suspicious LFI candidate in repeater and without you doing anything differently than you do today, burp suddenly spits back the right payload?

Delta flight that crashed at Toronto Pearson yesterday, all 80 people on board survived, 18 injuries 😱

Most Americans cannot comprehend what is happening because it’s the opposite of what they’ve ever experienced in the US. They assume they aren’t happening because the system will protect them. The system is being dismantled. By the time they realize, it will be too late.

My call for European governments to retain at least a core IT/communication/email/file capability that is independent of US clouds. Named after the iconic Radio Kootwijk which we built in response to the English cutting off our communications with Indonesia in 1916: berthub.eu/articles/pos...

Nice :) #chess #lichess

What's happening at the FBI right now is insane www.nytimes.com/2025/02/04/u... In short: - Trump wanted to appoint a new director - While updating the White House website to publish the news, they got the wrong agent - The guy named by mistake took… 🧶👇 (1/3)

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...

WIRED is tracking numerous reports of Musk-related shenanigans across the federal govt. We're looking for fed employees open to discussing the activity they're seeing or to help confirm other reports. Anonymity offered. Please use @signal.org (contact dell.3030). Do not use work networks/devices.

Another weird one... On this host, all the OPTIONS responses are sent back with all the request's HTTP headers. Probably nothing to do with this, but... why ?

... and he just tried to visit my VPS. Hallelujah.

Just reported a fun ANSI Escape Sequence injection in webserver log files using `X-Forwarded-For` HTTP header on a well-known security product. Probably not that impactful, but fun to play with.... Poke @stokfredrik.bsky.social

Nice :)

24 hours remaining until voting closes on the Top 10 (new) Web Hacking Techniques of 2024! If you haven't already voted now's the time to do it. portswigger.net/polls/top-10...

This occurs 9 times out of 10. @hacker0x01.bsky.social you should really do something about it...

I recently found a cool HTTP Request Splitting bug. I find it interesting so I wanted to share it. The setup is a bit unusual: the public IP address belongs to Google Cloud, then there is Cloudflare, then the "original" server.

I noticed a weird behaviour while playing with "HTTP Request Splitting". I sometimes get two HTTP responses in Burp repeater when I repeatedly send this request. Any idea what's going on ? Is it just an error from Burp ? #BugBounty @jameskettle.com maybe ? :)

Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here: portswigger.net/research/top...

Did not try yet, but could be useful attackshipsonfi.re/p/exploiting...

Never, EVER, do anything that might create personal legal liability for yourself on behalf of your org. No matter what anyone says, you are not "family." You are not "in this together." And most importantly they do NOT "have your back."