Agarri: Offensive information security

Recently published vulnerabilities [+]

Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-11)
Firefox: Multiple UAF during XSLT processing (MFSA 2017-10)
Revive Adserver: Arbitrary PHP deserialization (REVIVE-SA-2017-001)
Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-01)
Firefox: UAF during XSLT processing (MFSA 2017-01)

RT @Agarri_FR: On December 25th 1998 (more 20 years ago!), rain.forest.puppy covered both SQL injection and SSRF in his Phrack 54 article h…
1. Sun Jul 21 07:38:21 2019
RT @nnwakelam: still looking for a CCCamp ticket! Please retweet.
1. Fri Jul 19 15:42:27 2019
@cnotin No idea, sorry...
1. Fri Jul 19 07:05:34 2019
@cnotin My recommendation would be to use a standalone public server as the proxy. But you would still have to prot… https://t.co/iXAPSolpOa
1. Thu Jul 18 15:26:47 2019
RT @bl4sty: https://t.co/KJUhDn1dkS RCE exploit (LAN, but probably WAN with some CSRF/SSRF imagination) for ZTE H368N/H369A (and probably o…
1. Thu Jul 18 12:34:22 2019

Nearly generic fuzzing of XML-based formats
1. Nullcon (March 2017 - Goa - IN - slides - video)
Server-side browsing considered harmful
1. Hackfest (November 2015 - CA - video (FR))
2. Hack in Paris (June 2015 - FR)
3. HackPra Allstars - OWASP AppSec EU (May 2015 - NL - slides - video)
Hunting for top bounties
1. OWASP CZ (December 2014 - CZ)
2. ZeroNights (November 2014 - RU - slides)
3. Hacktivity (October 2014 - HU - video)