Home
Company
Publications
Trainings
Blog
Welcome!
Agarri is small company dedicated to the offensive aspects of information security
Recently published vulnerabilities
[+]
Adobe Reader: Multiple memory corruptions during XSLT processing (
APSB 17-11
)
Firefox: Multiple UAF during XSLT processing (
MFSA 2017-10
)
Revive Adserver: Arbitrary PHP deserialization (
REVIVE-SA-2017-001
)
Adobe Reader: Multiple memory corruptions during XSLT processing (
APSB 17-01
)
Firefox: UAF during XSLT processing (
MFSA 2017-01
)
Upcoming "Burp Suite Pro" trainings
[+]
November 2020
in French on UTC+1 (November 3rd to 6th, 2020)
December 2020
in English on UTC+1 (December 15th to 18th, 2020)
January 2021
in French on UTC-5 (January 26th to 29th, 2021)
February 2021
in English on UTC+8 (February 9th to 12th, 2021)
March 2021
in English on UTC-8 (March 9th to 12th, 2021)
Latest tweets
[+]
RT
@irsdl
: If you only read 3 of them per day, we are done before the deadline to vote:
https://t.co/LPOVZNw0Kp
😰I like many of them just b…
Sat Jan 23 23:43:57 2021
RT
@PortSwiggerRes
: It's time to cast your vote for the Top 10 Web Hacking Techniques of 2020! Grab a brew, peruse our hefty nomination li…
Fri Jan 22 19:14:54 2021
RT
@Synacktiv
: First action when testing Symfony applications is to search app_dev.php. This dev feature is so powerful that we've release…
Fri Jan 22 18:39:01 2021
RT
@TomNomNom
: ...super pro-tip (with a little shameless self promotion mixed in): this works very well with gron to diff two json files 🙃…
Thu Jan 21 20:28:33 2021
51% attack on Firo ( ex Zcoin), more than 300 blocks rolled back
https://t.co/ORyRJp9laD
Thu Jan 21 20:16:15 2021
Recent talks
[+]
Nearly generic fuzzing of XML-based formats
Nullcon
(March 2017 - Goa - IN -
slides
-
video
)
Server-side browsing considered harmful
Hackfest
(November 2015 - CA -
video (FR)
)
Hack in Paris
(June 2015 - FR)
HackPra Allstars - OWASP AppSec EU
(May 2015 - NL -
slides
-
video
)
Hunting for top bounties
OWASP CZ
(December 2014 - CZ)
ZeroNights
(November 2014 - RU -
slides
)
Hacktivity
(October 2014 - HU -
video
)
Recent blog posts
[+]
A recap of the Q&A session on Twitter
19/06/2020 00h14
Intruder and CSRF-protected form, without macros
13/01/2020 23h51
Back to blogging?
24/01/2019 15h33
Exploiting a Blind XSS using Burp Suite
04/04/2017 22h55
Deserialization in Perl v5.8
06/02/2016 20h30
webmaster@agarri.fr
Copyright 2010-2020 Agarri