Agarri: Offensive information security

Recently published vulnerabilities [+]

Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-11)
Firefox: Multiple UAF during XSLT processing (MFSA 2017-10)
Revive Adserver: Arbitrary PHP deserialization (REVIVE-SA-2017-001)
Adobe Reader: Multiple memory corruptions during XSLT processing (APSB 17-01)
Firefox: UAF during XSLT processing (MFSA 2017-01)

RT @singe: @Agarri_FR That’s cool, but the end was a little scary. Turned out they hacked a third party, not Uber.
1. Mon May 25 10:37:34 2020
Bug chaining 🤩 https://t.co/JAjgOZJhv7
1. Mon May 25 09:53:54 2020
@NayaniShayan @NahamSec Absolutely, especially the 2nd edition...
1. Mon May 25 09:30:47 2020
RT @lean0x2f: @hkashfi @orange_8361 A few days ago I went back to the appsec slides about SSRF from @Agarri_FR and learned about DNS TOCTOU…
1. Mon May 25 08:56:09 2020
@thegrugq v
1. Mon May 25 01:29:08 2020

Nearly generic fuzzing of XML-based formats
1. Nullcon (March 2017 - Goa - IN - slides - video)
Server-side browsing considered harmful
1. Hackfest (November 2015 - CA - video (FR))
2. Hack in Paris (June 2015 - FR)
3. HackPra Allstars - OWASP AppSec EU (May 2015 - NL - slides - video)
Hunting for top bounties
1. OWASP CZ (December 2014 - CZ)
2. ZeroNights (November 2014 - RU - slides)
3. Hacktivity (October 2014 - HU - video)