Agarri: Offensive information security

Recently published vulnerabilities [+]

Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-11)
Firefox: Multiple UAF during XSLT processing (MFSA 2017-10)
Revive Adserver: Arbitrary PHP deserialization (REVIVE-SA-2017-001)
Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-01)
Firefox: UAF during XSLT processing (MFSA 2017-01)

RT @floyd_ch: @Agarri_FR @ChrisADale @Burp_Suite Me too. And when you install the Response Clusterer extensions you basically get parts of…
1. Sun Apr 21 07:30:47 2019
RT @McGrewSecurity: @thegrugq ...and a couple hundred bucks can buy you a machine capable of virtualizing pretty much anything you want to…
1. Sun Apr 21 07:27:01 2019
RT @Agarri_FR: @ChrisADale @Burp_Suite My former students call that technique "bombjacking", thanks to the eponym challenge. https://t.co/p…
1. Sat Apr 20 20:35:00 2019
@ChrisADale @Burp_Suite My former students call that technique "bombjacking", thanks to the eponym challenge. https://t.co/pJjR8lAWRg
1. Sat Apr 20 20:34:22 2019
RT @ChrisADale: One of the best @Burp_Suite techniques for Intruder is using numbers 00-FF, prefix % then URL decode. Try with and without…
1. Sat Apr 20 18:14:27 2019

Nearly generic fuzzing of XML-based formats
1. Nullcon (March 2017 - Goa - IN - slides - video)
Server-side browsing considered harmful
1. Hackfest (November 2015 - CA - video (FR))
2. Hack in Paris (June 2015 - FR)
3. HackPra Allstars - OWASP AppSec EU (May 2015 - NL - slides - video)
Hunting for top bounties
1. OWASP CZ (December 2014 - CZ)
2. ZeroNights (November 2014 - RU - slides)
3. Hacktivity (October 2014 - HU - video)