Agarri: Offensive information security

Recently published vulnerabilities [+]

Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-11)
Firefox: Multiple UAF during XSLT processing (MFSA 2017-10)
Revive Adserver: Arbitrary PHP deserialization (REVIVE-SA-2017-001)
Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-01)
Firefox: UAF during XSLT processing (MFSA 2017-01)

RT @0x446f49: Alright, response time logging got merged into ffuf. Find you some time-based bugs! Thanks @joohoi https://t.co/FhibHqPFE9
1. Sun May 16 21:57:56 2021
RT @GrahamBleaney: For those attending @pycon (it's too late to sign up!), check out the out the talk @the_st0rm and I are giving on the my…
1. Sun May 16 21:54:35 2021
RT @Agarri_FR: My own payload, using the \c escape sequence instead on the "$ also means \n" regex bug: (metadata (Subject "\c${system('id'…
1. Sat May 15 07:39:26 2021
Regarding \c in Perl... https://t.co/MdYINulfhC
1. Sat May 15 07:31:21 2021
My own payload, using the \c escape sequence instead on the "$ also means \n" regex bug: (metadata (Subject "\c${system('id')};"))
1. Sat May 15 07:29:41 2021

Nearly generic fuzzing of XML-based formats
1. Nullcon (March 2017 - Goa - IN - slides - video)
Server-side browsing considered harmful
1. Hackfest (November 2015 - CA - video (FR))
2. Hack in Paris (June 2015 - FR)
3. HackPra Allstars - OWASP AppSec EU (May 2015 - NL - slides - video)
Hunting for top bounties
1. OWASP CZ (December 2014 - CZ)
2. ZeroNights (November 2014 - RU - slides)
3. Hacktivity (October 2014 - HU - video)