Nicolas Grégoire
@agarri.fr
Web hacker 😈
Burp Suite Pro trainer 👨🏫
Maintainer of @mastering-burp.agarri.fr 🛠️
Burp Suite Pro trainer 👨🏫
Maintainer of @mastering-burp.agarri.fr 🛠️
Pinned
Nicolas Grégoire
@agarri.fr
· Nov 24
Agarri
Training
hackademy.agarri.fr
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Reposted by Nicolas Grégoire
THC Release 💥: The world’s largest IP<>Domain database: ip.thc.org
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl ip.thc.org/1.1.1.1
Raw data (187GB): ip.thc.org/docs/bulk-da...
(The fine work of messede 👌)
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl ip.thc.org/1.1.1.1
Raw data (187GB): ip.thc.org/docs/bulk-da...
(The fine work of messede 👌)
December 17, 2025 at 1:33 PM
THC Release 💥: The world’s largest IP<>Domain database: ip.thc.org
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl ip.thc.org/1.1.1.1
Raw data (187GB): ip.thc.org/docs/bulk-da...
(The fine work of messede 👌)
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl ip.thc.org/1.1.1.1
Raw data (187GB): ip.thc.org/docs/bulk-da...
(The fine work of messede 👌)
Reposted by Nicolas Grégoire
The wait is over! Phrack 72 40th Anniversary Edition is available now.
Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄
No need to go to rely on the warez scene with scans anymore 😅
Order here: www.lulu.com/shop/phrack-...
Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄
No need to go to rely on the warez scene with scans anymore 😅
Order here: www.lulu.com/shop/phrack-...
December 13, 2025 at 9:34 AM
The wait is over! Phrack 72 40th Anniversary Edition is available now.
Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄
No need to go to rely on the warez scene with scans anymore 😅
Order here: www.lulu.com/shop/phrack-...
Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄
No need to go to rely on the warez scene with scans anymore 😅
Order here: www.lulu.com/shop/phrack-...
Reposted by Nicolas Grégoire
THC Release: 🎄Smallest SSHD backdoor🎄
- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys
Just SSHD trickery....adds one line only.
More at thc.org/tips 👌
- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys
Just SSHD trickery....adds one line only.
More at thc.org/tips 👌
December 14, 2025 at 2:47 PM
THC Release: 🎄Smallest SSHD backdoor🎄
- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys
Just SSHD trickery....adds one line only.
More at thc.org/tips 👌
- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys
Just SSHD trickery....adds one line only.
More at thc.org/tips 👌
Looking for a Christmas gift for yourself? #burp #training #2026
There’s 9 seats left for the English-speaking session, and 5 for the French-speaking one
There’s 9 seats left for the English-speaking session, and 5 for the French-speaking one
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Agarri
Training
hackademy.agarri.fr
December 13, 2025 at 1:39 PM
Great article 💎
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL
labs.watchtowr.com/soapwn-pwnin...
labs.watchtowr.com/soapwn-pwnin...
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee. Before then, we want to…
labs.watchtowr.com
December 13, 2025 at 1:35 PM
Great article 💎
Printed version of Paged Out #7, collected during GreHack 2025 🤩
December 6, 2025 at 12:13 PM
Printed version of Paged Out #7, collected during GreHack 2025 🤩
This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF
But we found a dumb bypass 😎
But we found a dumb bypass 😎
Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757):
slcyber.io/research-cen...
#oracle #authentication #vulnerability #rce #informationsecurity #infosec #cybersecurity #cve
slcyber.io/research-cen...
#oracle #authentication #vulnerability #rce #informationsecurity #infosec #cybersecurity #cve
Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757) › Searchlight Cyber
Intro Earlier this year, in January, Oracle Cloud's login service (login.us2.oraclecloud.com) was breached—this led to the compromise of 6M records and over 140k Oracle Cloud tenants. Analysis showed ...
slcyber.io
December 3, 2025 at 2:42 PM
This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF
But we found a dumb bypass 😎
But we found a dumb bypass 😎
Reposted by Nicolas Grégoire
Reposted by Nicolas Grégoire
📜 L’4N551 4 un3 m1551on 9our vou5.
S1 vou5 l’4cc3973z, vou5 s3r3z 4m3n3 4 :
*53rv1r l’1nt3r37 g3n3r4l 37 9ro73g3r l4 N471on f4c3 4 l4 m3n4c3 cy83r ;
*1nc4rn3r l’3xc3ll3nc3 fr4nç4153 3n m4713r3 d3 cy83rd3f3n53.
9our 7rouv3r vo7r3 m1551on :
🔗 www.welcometothejungle.com/fr/companies...
S1 vou5 l’4cc3973z, vou5 s3r3z 4m3n3 4 :
*53rv1r l’1nt3r37 g3n3r4l 37 9ro73g3r l4 N471on f4c3 4 l4 m3n4c3 cy83r ;
*1nc4rn3r l’3xc3ll3nc3 fr4nç4153 3n m4713r3 d3 cy83rd3f3n53.
9our 7rouv3r vo7r3 m1551on :
🔗 www.welcometothejungle.com/fr/companies...
December 3, 2025 at 10:57 AM
📜 L’4N551 4 un3 m1551on 9our vou5.
S1 vou5 l’4cc3973z, vou5 s3r3z 4m3n3 4 :
*53rv1r l’1nt3r37 g3n3r4l 37 9ro73g3r l4 N471on f4c3 4 l4 m3n4c3 cy83r ;
*1nc4rn3r l’3xc3ll3nc3 fr4nç4153 3n m4713r3 d3 cy83rd3f3n53.
9our 7rouv3r vo7r3 m1551on :
🔗 www.welcometothejungle.com/fr/companies...
S1 vou5 l’4cc3973z, vou5 s3r3z 4m3n3 4 :
*53rv1r l’1nt3r37 g3n3r4l 37 9ro73g3r l4 N471on f4c3 4 l4 m3n4c3 cy83r ;
*1nc4rn3r l’3xc3ll3nc3 fr4nç4153 3n m4713r3 d3 cy83rd3f3n53.
9our 7rouv3r vo7r3 m1551on :
🔗 www.welcometothejungle.com/fr/companies...
Stealth (from Team-Teso, Phrack staff and other groups) passed away earlier this year 😢
I didn't know him personally, but his groundbreaking research has been a constant influence on my career
www.thc.org/404/
I didn't know him personally, but his groundbreaking research has been a constant influence on my career
www.thc.org/404/
www.thc.org
December 3, 2025 at 12:10 PM
Stealth (from Team-Teso, Phrack staff and other groups) passed away earlier this year 😢
I didn't know him personally, but his groundbreaking research has been a constant influence on my career
www.thc.org/404/
I didn't know him personally, but his groundbreaking research has been a constant influence on my career
www.thc.org/404/
Here's the recording of the stream we made earlier this week with @laluka.bsky.social, @thesytten.bsky.social and @rhynorater.bsky.social
If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅
www.youtube.com/watch?v=JvUm...
If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅
www.youtube.com/watch?v=JvUm...
EP 208 EN | Caido de Noel ? Ft. @Agarri_FR @Rhynorater @TheSytten
YouTube video by Laluka
www.youtube.com
November 27, 2025 at 8:52 AM
Here's the recording of the stream we made earlier this week with @laluka.bsky.social, @thesytten.bsky.social and @rhynorater.bsky.social
If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅
www.youtube.com/watch?v=JvUm...
If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅
www.youtube.com/watch?v=JvUm...
Reposted by Nicolas Grégoire
I really want to know the full story behind this epic hack, and yet I also hope it is never solved.
It's my favorite day! It's the 38th anniversary of the Max Headroom signal broadcast intrusion!
1st incident lasted 25s during the 9PM news on WGN-TV in Chicago; The 2nd, 2hrs later, lasted ~90s on PBS affiliate WTTW during Dr. Who.
You can watch it here: www.youtube.com/watch?v=oqge...
1st incident lasted 25s during the 9PM news on WGN-TV in Chicago; The 2nd, 2hrs later, lasted ~90s on PBS affiliate WTTW during Dr. Who.
You can watch it here: www.youtube.com/watch?v=oqge...
Max Headroom 1987 Broadcast Signal Intrusion Incident
YouTube video by andrew867
www.youtube.com
November 22, 2025 at 7:50 PM
I really want to know the full story behind this epic hack, and yet I also hope it is never solved.
Reposted by Nicolas Grégoire
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
saelo.github.io
November 24, 2025 at 9:58 AM
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Agarri
Training
hackademy.agarri.fr
November 24, 2025 at 10:14 AM
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
A little command-line trick... 🛠️ 🤓
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
November 23, 2025 at 3:14 PM
A little command-line trick... 🛠️ 🤓
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
La Quadrature du Net n'est pas contente des récents articles sur GrapheneOS, et elle a bien raison ! 👿 🇫🇷
Deux articles du Parisien hier, suivis aujourd'hui d'un article du Figaro, ont lancé une offensive honteuse contre GrapheneOS, un système d'exploitation open-source pour téléphones, gratuit et accessible à tous et toutes.
archive.is/202511190825...
archive.is/202511190825...
archive.is
November 21, 2025 at 11:08 AM
La Quadrature du Net n'est pas contente des récents articles sur GrapheneOS, et elle a bien raison ! 👿 🇫🇷
Reposted by Nicolas Grégoire
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
GitHub - luigigubello/bsides-2025: My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 202...
My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 2025. - luigigubello/bsid...
github.com
November 10, 2025 at 9:39 AM
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
Reposted by Nicolas Grégoire
POV: you are a young woman celebrating a recent academic success
November 17, 2025 at 7:20 PM
POV: you are a young woman celebrating a recent academic success
Reposted by Nicolas Grégoire
Reposted by Nicolas Grégoire
Hoy, c'est CE SOIR à 21H !
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
LA soirée du 200ème épisode est annoncée ! 👀
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
November 18, 2025 at 9:22 AM
Hoy, c'est CE SOIR à 21H !
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
Reposted by Nicolas Grégoire
🔗 Conférence complète/Full Talk: youtu.be/pq0NMN9HHOY
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
NorthSec 2025 - Wendy Nather - Keynote: A Tabletop As Big As the World
YouTube video by NorthSec
youtu.be
November 16, 2025 at 8:48 PM
🔗 Conférence complète/Full Talk: youtu.be/pq0NMN9HHOY
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
How the hack of a card shuffler presented at Blackhat 2023 by IOActive was used IRL by the mafia and some NBA members
archive.is/7Pm1E
archive.is/7Pm1E
archive.is
November 16, 2025 at 3:15 AM
How the hack of a card shuffler presented at Blackhat 2023 by IOActive was used IRL by the mafia and some NBA members
archive.is/7Pm1E
archive.is/7Pm1E