Agarri: Offensive information security

Recently published vulnerabilities [+]

Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-11)
Firefox: Multiple UAF during XSLT processing (MFSA 2017-10)
Revive Adserver: Arbitrary PHP deserialization (REVIVE-SA-2017-001)
Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-01)
Firefox: UAF during XSLT processing (MFSA 2017-01)

RT @fabsx00: This "you can't parse HTML with regex" post is still golden: https://t.co/xvU2I6QrAT - also love the moderator's note.
1. Thu Aug 06 15:39:30 2020
A useful feature I discovered last week... 🎁 https://t.co/6ZEou0yL1r
1. Thu Aug 06 15:31:07 2020
From 🇫🇷 with ☀️ and 🖤 https://t.co/9SJUOfOjrG
1. Thu Aug 06 14:00:55 2020
Long ago, I reported to Sun Microsystems a Stored XSS affecting their webmail product. The report itself was a PoC… https://t.co/adeebEPZrg
1. Wed Aug 05 23:31:37 2020
RT @mufinnnnnnn: Cool XXE to RCE vulnerability from the 2020 ICS #pwn2own #zdi https://t.co/EVir1YfECQ
1. Wed Aug 05 20:05:47 2020

Nearly generic fuzzing of XML-based formats
1. Nullcon (March 2017 - Goa - IN - slides - video)
Server-side browsing considered harmful
1. Hackfest (November 2015 - CA - video (FR))
2. Hack in Paris (June 2015 - FR)
3. HackPra Allstars - OWASP AppSec EU (May 2015 - NL - slides - video)
Hunting for top bounties
1. OWASP CZ (December 2014 - CZ)
2. ZeroNights (November 2014 - RU - slides)
3. Hacktivity (October 2014 - HU - video)