Agarri: Offensive information security

Recently published vulnerabilities [+]

Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-11)
Firefox: Multiple UAF during XSLT processing (MFSA 2017-10)
Revive Adserver: Arbitrary PHP deserialization (REVIVE-SA-2017-001)
Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-01)
Firefox: UAF during XSLT processing (MFSA 2017-01)

RT @insertScript: As Adobe has patched my bypass- here is the short PoC: Instead of specifying \\<attackerDomain>\share\x, I used \\;Lanman…
1. Fri Feb 22 12:28:39 2019
To all @Burp_Suite aficionados from 🇨🇦🇺🇸: I'll give only one public training on your continent this year:… https://t.co/DErQJZsOBO
1. Fri Feb 22 11:27:56 2019
RT @Korben: Proverbe du jour : "Vacances scolaires, télétravail en enfer."
1. Fri Feb 22 11:04:41 2019
@Korben Je plussoie ... Hier, je devais bosser. Finalement, j'ai fait des maths.
1. Fri Feb 22 11:03:10 2019
@teh_gerg Let me add that most XML parsers were written 10 to 20 years ago. And don't start me of technologies on t… https://t.co/6ZYXnjUoKS
1. Thu Feb 21 13:56:09 2019

Nearly generic fuzzing of XML-based formats
1. Nullcon (March 2017 - Goa - IN - slides - video)
Server-side browsing considered harmful
1. Hackfest (November 2015 - CA - video (FR))
2. Hack in Paris (June 2015 - FR)
3. HackPra Allstars - OWASP AppSec EU (May 2015 - NL - slides - video)
Hunting for top bounties
1. OWASP CZ (December 2014 - CZ)
2. ZeroNights (November 2014 - RU - slides)
3. Hacktivity (October 2014 - HU - video)