Nicolas Grégoire
LightNews LightNews
agarri.fr
Nicolas Grégoire
@agarri.fr
4.4K followers 620 following 1K posts
Web hacker 😈
Burp Suite Pro trainer 👨‍🏫
Maintainer of @mastering-burp.agarri.fr 🛠️
Posts Replies Media Videos
Pinned
agarri.fr
Nicolas Grégoire @agarri.fr · Nov 24
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅

- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧

hackademy.agarri.fr/2026

PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Agarri
Training
hackademy.agarri.fr
agarri.fr
Another highly satisfied trainee 😎 👨‍🏫

If you want to take the online version of my Burp Suite course, there are two opportunities really soon (March in French, April in English) hackademy.agarri.fr/sessions

And if you want to indulge your company a private session (like this company did), ping me!
Last week, I had the opportunity to attend the 4-day Mastering Burp Suite Pro training by 🛠️ Nicolas Gregoire, and it exceeded my expectations by far. This wasn’t just another slide-driven course. Nicolas took the time to answer every question in depth and provided plenty of hands-on labs, allowing us to immediately apply what had just been explained. Even though I’ve been working with Burp for nearly five years, I still picked up a surprising number of new techniques and practical tricks, including ways to streamline otherwise time-consuming workflows such as managing CSRF tokens both with and without session handling rules. What I especially appreciated were the little side explorations (driven by our requests) into methodologies for leveraging features and extensions to remain stealthy or bypass WAFs. This is something that’s particularly relevant (and often underestimated) when exploiting external or internal web applications during advanced Red Team engagements. I’m genuinely looking forward to applying this newly gained knowledge in upcoming projects, and I can wholeheartedly recommend this training to any (web) pentester who wants to level up their Burp skills. Big thanks to Nicolas for an excellent and highly practical course!
February 10, 2026 at 8:46 AM
Reposted by Nicolas Grégoire
agarri.fr
Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro 👨‍🏫 Two sessions are planned (in English and French), and there are still a few spots left in each.

Contact me to get an early-bird discount code! 💰
Agarri
Training
hackademy.agarri.fr
January 31, 2026 at 12:31 PM
agarri.fr
Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro 👨‍🏫 Two sessions are planned (in English and French), and there are still a few spots left in each.

Contact me to get an early-bird discount code! 💰
Agarri
Training
hackademy.agarri.fr
January 31, 2026 at 12:31 PM
Reposted by Nicolas Grégoire
jameskettle.com
Thanks to everyone who nominated & voted in the top ten! The panel of @irsdl.bsky.social , @agarri.fr , @liveoverflow.bsky.social and myself are hard at work reviewing the 15 finalists... we're hoping to announce the winners next week!
January 29, 2026 at 4:04 PM
agarri.fr
In case you didn't vote yet (2 days left!), let me tell you that your participation is critical 🗳️

Indeed, the panel (that I'm part of) will only process the top X results and it may contain some sh*tty entries (because of ballot stuffing 🥴)

So please do your part! 🙏
January 20, 2026 at 10:24 AM
agarri.fr
It's time to vote for your favorite Web Hacking Techniques of 2025 🗳️

portswigger.net/polls/top-10...
Top 10 web hacking techniques of 2025
Welcome to the community vote for the Top 10 Web Hacking Techniques of 2025.
portswigger.net
January 16, 2026 at 1:01 PM
Reposted by Nicolas Grégoire
agarri.fr
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅

- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧

hackademy.agarri.fr/2026

PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Agarri
Training
hackademy.agarri.fr
November 24, 2025 at 10:14 AM
agarri.fr
I'm slowly going though the talks from the CCC congress. Here's my favorites so far... ⤵️
January 13, 2026 at 11:35 AM
Reposted by Nicolas Grégoire
agarri.fr
Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture

Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶

annas-archive.org/blog/backing...
Backing up Spotify
We backed up Spotify (metadata and music files). It’s distributed in bulk torrents (~300TB). It’s the world’s first “preservation archive” for music which is fully open (meaning it can easily be mirro...
annas-archive.org
December 31, 2025 at 3:06 PM
agarri.fr
Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture

Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶

annas-archive.org/blog/backing...
Backing up Spotify
We backed up Spotify (metadata and music files). It’s distributed in bulk torrents (~300TB). It’s the world’s first “preservation archive” for music which is fully open (meaning it can easily be mirro...
annas-archive.org
December 31, 2025 at 3:06 PM
Reposted by Nicolas Grégoire
seanwrightsec.com
Looks like the final OWASP Top 10 (2025) has been published: owasp.org/Top10/2025/.

Based on commits, looks like this happened 5 days ago.
OWASP Top 10:2025
OWASP Top 10:2025
owasp.org
December 29, 2025 at 12:24 PM
Reposted by Nicolas Grégoire
Good read github.com/readme/guide...
Publishing your work increases your luck
In 12 months, @aarondfrancis changed his life by bypassing fear and embracing risk. Now, he’s working his dream job @tuple. Get his full story on The ReadME Project:
github.com
December 27, 2025 at 2:36 PM
Reposted by Nicolas Grégoire
hackerschoice.bsky.social
THC Release 💥: The world’s largest IP<>Domain database: ip.thc.org

All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.

Updated monthly.

Try: curl ip.thc.org/1.1.1.1

Raw data (187GB): ip.thc.org/docs/bulk-da...

(The fine work of messede 👌)
December 17, 2025 at 1:33 PM
agarri.fr
#Protip Need to go really fast and HEAD is disabled?
Use GET and the Range header...
December 20, 2025 at 10:55 AM
Reposted by Nicolas Grégoire
phrack.org
The wait is over! Phrack 72 40th Anniversary Edition is available now.

Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄

No need to go to rely on the warez scene with scans anymore 😅

Order here: www.lulu.com/shop/phrack-...
December 13, 2025 at 9:34 AM
Reposted by Nicolas Grégoire
hackerschoice.bsky.social
THC Release: 🎄Smallest SSHD backdoor🎄

- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys

Just SSHD trickery....adds one line only.

More at thc.org/tips 👌
December 14, 2025 at 2:47 PM
agarri.fr
Looking for a Christmas gift for yourself? #burp #training #2026

There’s 9 seats left for the English-speaking session, and 5 for the French-speaking one
agarri.fr Nicolas Grégoire @agarri.fr · Nov 24
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅

- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧

hackademy.agarri.fr/2026

PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Agarri
Training
hackademy.agarri.fr
December 13, 2025 at 1:39 PM
agarri.fr
Great article 💎
December 13, 2025 at 1:35 PM
agarri.fr
Printed version of Paged Out #7, collected during GreHack 2025 🤩
Printed version of Paged Out #7, collected during GreHack 2025
December 6, 2025 at 12:13 PM
agarri.fr
This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF

But we found a dumb bypass 😎
December 3, 2025 at 2:42 PM
Reposted by Nicolas Grégoire
molly.wiki
www.citationneeded.news/issue-91/#tr...
Issue 91 – GDP on the blockchain
The regulator set to take on primary crypto oversight is down to a single Commissioner, and new pro-crypto PACs focus on installing more Republicans in the midterms
www.citationneeded.news
November 25, 2025 at 4:42 PM
Reposted by Nicolas Grégoire
anssi-fr.bsky.social
📜 L’4N551 4 un3 m1551on 9our vou5.

S1 vou5 l’4cc3973z, vou5 s3r3z 4m3n3 4 :
*53rv1r l’1nt3r37 g3n3r4l 37 9ro73g3r l4 N471on f4c3 4 l4 m3n4c3 cy83r ;
*1nc4rn3r l’3xc3ll3nc3 fr4nç4153 3n m4713r3 d3 cy83rd3f3n53.

9our 7rouv3r vo7r3 m1551on :
🔗 www.welcometothejungle.com/fr/companies...
L’4N551 4 un3 m1551on 9our vou5 :
December 3, 2025 at 10:57 AM
agarri.fr
Stealth (from Team-Teso, Phrack staff and other groups) passed away earlier this year 😢

I didn't know him personally, but his groundbreaking research has been a constant influence on my career

www.thc.org/404/
www.thc.org
December 3, 2025 at 12:10 PM
agarri.fr
Here's the recording of the stream we made earlier this week with @laluka.bsky.social, @thesytten.bsky.social and @rhynorater.bsky.social

If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅

www.youtube.com/watch?v=JvUm...
EP 208 EN | Caido de Noel ? Ft. @Agarri_FR @Rhynorater @TheSytten
YouTube video by Laluka
www.youtube.com
November 27, 2025 at 8:52 AM
Reposted by Nicolas Grégoire
mattblaze.org
I really want to know the full story behind this epic hack, and yet I also hope it is never solved.
wbm312.bsky.social Whitney Merrill @wbm312.bsky.social · Nov 22
It's my favorite day! It's the 38th anniversary of the Max Headroom signal broadcast intrusion!

1st incident lasted 25s during the 9PM news on WGN-TV in Chicago; The 2nd, 2hrs later, lasted ~90s on PBS affiliate WTTW during Dr. Who.

You can watch it here: www.youtube.com/watch?v=oqge...
Max Headroom 1987 Broadcast Signal Intrusion Incident
YouTube video by andrew867
www.youtube.com
November 22, 2025 at 7:50 PM