Agarri: Offensive information security

Welcome!
Agarri is small company dedicated to the offensive aspects of information security

Recently published vulnerabilities [+]

Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-11)
Firefox: Multiple UAF during XSLT processing (MFSA 2017-10)
Revive Adserver: Arbitrary PHP deserialization (REVIVE-SA-2017-001)
Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-01)
Firefox: UAF during XSLT processing (MFSA 2017-01)

Upcoming "Burp Suite Pro" trainings [+]

Sept 2022 - English - UTC+2 (Sept 13th, 2022 - Sept 16th, 2022)
Oct 2022 - French - UTC+2 (October 4th, 2022 - October 7th, 2022)
Oct 2022 - English - UTC-4 (October 18th, 2022 - October 21st, 2022)

Latest tweets [+]

A good list of books ⤵️📖 https://t.co/vlsCpG6CsX
1. Mon Jan 30 11:31:07 2023
Nice RCE in VS Code. Yeah, I know, it’s 2-month old... https://t.co/4smZQwScM1
1. Fri Jan 27 18:41:45 2023
@rubenLo84758621 @rolando_andia @apuhccc 🚨 SCAM ⬆️
1. Thu Jan 26 13:34:48 2023
RT'ing my own tweets... 🙃 https://t.co/GJ1XNQs24D
1. Thu Jan 26 08:52:24 2023
Asking ChatGPT to bypass the Dalle-2 content filter, by @Adversa_AI 🤖 🆚 🤖 https://t.co/nLCnxzEzpK
1. Wed Jan 25 23:49:22 2023

Recent talks [+]

Nearly generic fuzzing of XML-based formats
1. Nullcon (March 2017 - Goa - IN - slides - video)
Server-side browsing considered harmful
1. Hackfest (November 2015 - CA - video (FR))
2. Hack in Paris (June 2015 - FR)
3. HackPra Allstars - OWASP AppSec EU (May 2015 - NL - slides - video)
Hunting for top bounties
1. OWASP CZ (December 2014 - CZ)
2. ZeroNights (November 2014 - RU - slides)
3. Hacktivity (October 2014 - HU - video)

Recent blog posts [+]

A recap of the Q&A session on Twitter
1. 23/04/2021 07h37
Intruder and CSRF-protected form, without macros
1. 13/01/2020 23h51
Back to blogging?
1. 24/01/2019 15h33
Exploiting a Blind XSS using Burp Suite
1. 04/04/2017 22h55
Deserialization in Perl v5.8
1. 06/02/2016 20h30

webmaster@agarri.fr
Copyright 2010-2023 Agarri