Rayan Bouyaiche @rayanlecat
Active Directory & Cloud hacking enthusiast, CTF @phreaks2600 and pentester @secnumcloud. rayanle.cat. France. Joined July 2017.
Tweets: 1K | Followers: 1K | Following: 674 | Likes: 11K
Happy to return to @WEareTROOPERS for a joint talk with @olafhartong 😁. We'll cover undocumented PRT behavior and other weird tricks Microsoft uses for Entra SSO on MacOS.
A lot happened this weekend with @phreaks2600. We managed to finish in first student place at @1ns0mn1h4ck CTF 🥇 After that we managed to get second student place at the @MidnightFlag 🥈 Thanks to @orangecyberch and @EsnaBretagne for organizing these two cool events 🔥
🤔 "Ugh, we got audited and they became domain administrator in just 40 minutes, they did 'kerberoasting', but what is that?" Ah, that's a really good question, and as it happens (by chance) I'm answering it today in a video! youtu.be/25ZEQMcBQTY
And the top academic team, @phreaks2600, are now qualified for LakeCTF Finals on May 3rd at EPFL! Looking forward
CTF is over! In the end, it was a very close call. Congrats to 🥇 @0rganizers, 🥈 @ECSC_TeamFrance & 🥉 @leetmore! Thanks everyone for participating in Insomni'hack CTF 2024, #INSO24, #CTF Here's the final scoreboard.
Well, after another batch, still no ticket.... If anyone has spare tickets, I'll take them 😅
What if we had one more batch on Friday? See you, April 26, 4 pm 👀
"Hello: I'm your Domain Administrator and I want to authenticate against you". My #SilverPotato is out, check the blog post: decoder.cloud/2024/04/24/hel… 😃
Hey folks! It's time for the #GreHack24 CFP! Do you have an interesting topic you'd like to present? Or an idea for a workshop? Or... both? To your keyboards, you've until July 7 to let us know. Full details on easychair.org/cfp/GreHack2024
Did you know that LSASS has the ability to execute arbitrary kernel-mode addresses? I wrote a small proof of concept that allows administrators to execute unsigned code in the kernel if LSA Protection is disabled. github.com/floesen/KExecDD
Hello to all those who do CTF, what do you like/dislike in Forensic challenges?
I just published a blog and tool for the LSA Whisperer work that was presented at the SpecterOps Conference (SOCON) back in March. If you are interested in getting credentials from LSASS without accessing its memory, check it out! medium.com/specter-ops-po…
The video on how we hacked @GoogleVRP AI Scope and made 50,000$ out of it is out! 🔥 youtube.com/watch?v=-StKWo…
Thanks a lot to @kevin_mizu and @BitK_ for the challenge during the FCSC :) I've made two write-ups for "Twisty Python" and "monopoly", you can find them here: github.com/W0rty/WU-FCSC2… Moreover, thanks again to @ANSSI_FR, the CTF was amazing as every year 🩵
Active Directory - Certificate Services - ADCS Cheatsheet swisskyrepo.github.io/InternalAllThe…
☁️ Whether it's on premises or in the cloud, a domain is a domain. 💪 Flex your intrusion muscles with @tiyeuse and @hugow_vincent's training! ➡️ hexacon.fr/trainer/vincen… 📆 30/09-03/10 2024 📍Espace Vinci, Rue des Jeuneurs, Paris
Place purchased 🎟️ See you at #SSTIC 2024 🥳
🎉 Announcing DFIR Labs! 🎉 Introducing our DFIR Labs based on real intrusions from our public reports and private threat briefs! Whether you're starting out or looking to deepen your skills, our labs can help. 1/2
I think there are some interesting correlations to this and the ever-present “are AWS account IDs secret”? When it comes to the cloud, resource addresses (ARNs, bucket names, etc.) are in a sense always “global”. Anybody can do anything to everything 1/x blog.plerion.com/aws-account-id…
Denial of wallet attacks are a very real thing 😬
I think the official solution to this is to front your S3 bucket with CloudFront. medium.com/@maciej.pocwie…
Our precious ones just arrived 😍 IT'S GETTING REAL! ***** Our precious ones just arrived 😍 SEE YOU VERY SOON! #NSec #BadgeLife #FlagBot 👀 🤭
@_Mayyhem and I are going to Germany! Our talk, "Misconfiguration Manager: Overlooked and Overprivileged," has been accepted at @WEareTROOPERS! We're excited to discuss the latest SCCM research with everyone!
My @WEareTROOPERS talk "Exploiting Token-Based Authentication: Attacking and Defending Identities in the 2020s" was accepted, so see you in Heidelberg 🇩🇪 on June 26-27!
This is the first time I’ll be co-presenting with @_dirkjan. Our talk on ‘Attacking Primary Refresh Tokens using the Mac implementation’ has been accepted at @WEareTROOPERS Very excited to share this joint research in the beautiful Heidelberg!
dacledit is now merged in Impacket 🚀 I'm proud of the work @BlWasp_ and I provided, we hope you'll love it as much as we loved developing and using it
After 4 months of testing/peer-review and the PR being in draft, dacledit is now ready for official review and merge in Impacket 💪 This script can be used to read, write, remove, backup, restore ACEs in an object's DACL, see you soon when merged 😊 github.com/SecureAuthCorp…
It has been a pleasure for us to attend and present at #Insomnihack 2024. In case you missed it, here is our newly released mXSS cheatsheet 🧬🔬 sonarsource.github.io/mxss-cheatshee…
👀
As expected, two variations of the so far known mXSS attacks have been spotted and new DOMPurify releases are ready to fix those. github.com/cure53/DOMPuri… github.com/cure53/DOMPuri… Many thanks to @kevin_mizu and @hash_kitten for spotting and reporting those 🙇
It's time to start announcing our generous sponsors! And we begin with a very faithful one, supporting us since the first edition: @RandoriSec ⛩ To find out more about RandoriSec, visit their website at randorisec.fr #HEXACON2024
🚨📢 Insomni'hack Congratulations also to the academic winners: 🥇@phreaks2600 🥈@polygl0ts 🥉@LosFuzzys 🥳 We look forward to seeing you next year! #INSO24 #CTF #cybersecurity
🚨📢 Insomni'hack 💻🛡️More than 500 people took part in the ‘Capture the Flag’ hacking competition. We congratulate the following global teams: 🥇@0rganizers 🥈@ECSC_TeamFrance 🥉@leetmore 🥳 We look forward to seeing you next year! #INSO24 #CTF
@techspence Or even better, use our automated loop: github.com/LuccaSA/PingCa… Credits: @mpgn_x64
📣 Your attention please! We should have a few spots available to register new teams for #BreizhCTF2024 🎟️ Keep an eye out in the coming days and, above all, be quick! 👀 cc @_SaxX_ | @kaluche_
🚨📢 Insomni'hack 🥳 It's a wrap! The 15th edition of Insomni'hack was a real success! 🤝 A huge thank you to everyone involved in organizing this event, our partners and the integrators village. 🙏🏼 Thank you to the participants and customers! #INSO24 ©mgphotographies
Registration for trainings is now open! ⏳ Don't miss your chance to learn from the best and have a great time in Paris 🥐 hexacon.fr/register/
In the past, I created a challenge with 1000 GET parameters (not PHP): blog.arkark.dev/2022/11/18/sec… Such a parameter limit is probably for DoS protection, but ironically it is sometimes(?) abused as a bypass technique. Interestingly, it's CSP bypass in @pilvar222 's challenge!
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!