Nicolas Grégoire
@agarri.fr
📤 4476
📥 618
📝 1029
Web hacker 😈 Burp Suite Pro trainer 👨🏫 Maintainer of
@mastering-burp.agarri.fr
🛠️
reposted by
Nicolas Grégoire
Richard Johnson
about 1 month ago
Please tell your friends, four weeks before
@phrack.org
submission deadline! We also are seeking both interior and cover art. We are working with our friends at
@pagedout.bsky.social
again to create a fancy interior design for our main annual release!! Be a part of hacker history!
add a skeleton here at some point
0
6
5
reposted by
Nicolas Grégoire
Hash Miser ✊🇺🇦
26 days ago
À 42 balais je trouve toujours absolument fantastique de pouvoir prendre un verre assis dans une boîte en métal qui roule à 300km/h tout en regardant le paysage. Petit plaisir coupable personnel !
1
7
1
reposted by
Nicolas Grégoire
0xacb
14 days ago
Every time I see a feature that's supposed to happen once (applying coupon codes, making withdrawals, vote counts, redeeming invites, etc.), I try Turbo Intruder. These bugs are everywhere.
0
1
1
En cette chaude semaine qui commence, vous vous dites : 1️⃣ Je vais à Le Hack 2️⃣ Je vais au Hack
7 days ago
0
1
0
I'm not here to brag, but I really think that most people have no idea of the gap between their usage of Burp Suite Pro and what is actually possible...
7 days ago
1
0
0
Once again, WarConPL was a blast 👨💻🍽️🍺🍸🪩🕺 I hope it wasn't the last edition, despite all the rumors 🤞 And if it was, too bad & thanks antisnatchor and h0wlu for all the fish 🥰
27 days ago
0
3
0
I'll give a single public on-site Burp Suite Pro training session this year, and it will be in RomHack 🇮🇹 (registration link in replies) And if you're not sure this course would fit you, just give a look at this recent feedback
about 1 month ago
1
3
4
A very interesting read 💎
www.sentinelone.com/labs/fast16-...
loading . . .
fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
A previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.
https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/
2 months ago
1
3
1
Feeling lazy but dreaming of posting like your favorite influencer? Here's a solution ✨🤖✨
www.cringebot3000.com
loading . . .
LinkedIn CringeBot 3000
Transform any topic into peak LinkedIn thought leadership guaranteed to make your followers shudder.
https://www.cringebot3000.com/
3 months ago
1
0
0
Come to Roma 🇮🇹 in September and attend the only in-person public training session I'll give in 2026! 👨🏫 And if you like camping with other hackers (as I do), stay over the weekend for the 3-day long RomHack Camp 🏕️
romhack.io/training/
loading . . .
RomHack Training
https://romhack.io/training/
4 months ago
0
3
2
Another highly satisfied trainee 😎 👨🏫 If you want to take the online version of my Burp Suite course, there are two opportunities really soon (March in French, April in English)
hackademy.agarri.fr/sessions
And if you want to indulge your company a private session (like this company did), ping me!
5 months ago
0
4
1
reposted by
Nicolas Grégoire
Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro 👨🏫 Two sessions are planned (in English and French), and there are still a few spots left in each. Contact me to get an early-bird discount code! 💰
loading . . .
Agarri
Training
https://hackademy.agarri.fr/2026
5 months ago
0
6
5
Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro 👨🏫 Two sessions are planned (in English and French), and there are still a few spots left in each. Contact me to get an early-bird discount code! 💰
loading . . .
Agarri
Training
https://hackademy.agarri.fr/2026
5 months ago
0
6
5
reposted by
Nicolas Grégoire
James Kettle
5 months ago
Thanks to everyone who nominated & voted in the top ten! The panel of
@irsdl.bsky.social
,
@agarri.fr
,
@liveoverflow.bsky.social
and myself are hard at work reviewing the 15 finalists... we're hoping to announce the winners next week!
0
8
1
In case you didn't vote yet (2 days left!), let me tell you that your participation is critical 🗳️ Indeed, the panel (that I'm part of) will only process the top X results and it may contain some sh*tty entries (because of ballot stuffing 🥴) So please do your part! 🙏
add a skeleton here at some point
5 months ago
0
4
0
It's time to vote for your favorite Web Hacking Techniques of 2025 🗳️
portswigger.net/polls/top-10...
loading . . .
Top 10 web hacking techniques of 2025
Welcome to the community vote for the Top 10 Web Hacking Techniques of 2025.
https://portswigger.net/polls/top-10-web-hacking-techniques-2025
5 months ago
0
6
2
reposted by
Nicolas Grégoire
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅 - March 24th to 27th, in French 🇫🇷 - April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
loading . . .
Agarri
Training
https://hackademy.agarri.fr/2026
7 months ago
0
8
8
I'm slowly going though the talks from the CCC congress. Here's my favorites so far... ⤵️
6 months ago
1
1
1
reposted by
Nicolas Grégoire
Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶
annas-archive.org/blog/backing...
loading . . .
Backing up Spotify
We backed up Spotify (metadata and music files). It’s distributed in bulk torrents (~300TB). It’s the world’s first “preservation archive” for music which is fully open (meaning it can easily be mirro...
https://annas-archive.org/blog/backing-up-spotify.html
6 months ago
0
13
6
Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶
annas-archive.org/blog/backing...
loading . . .
Backing up Spotify
We backed up Spotify (metadata and music files). It’s distributed in bulk torrents (~300TB). It’s the world’s first “preservation archive” for music which is fully open (meaning it can easily be mirro...
https://annas-archive.org/blog/backing-up-spotify.html
6 months ago
0
13
6
reposted by
Nicolas Grégoire
SeanWrightSec
6 months ago
Looks like the final OWASP Top 10 (2025) has been published:
owasp.org/Top10/2025/
. Based on commits, looks like this happened 5 days ago.
loading . . .
OWASP Top 10:2025
OWASP Top 10:2025
https://owasp.org/Top10/2025/
0
7
1
reposted by
Nicolas Grégoire
6 months ago
Good read
github.com/readme/guide...
loading . . .
Publishing your work increases your luck
In 12 months, @aarondfrancis changed his life by bypassing fear and embracing risk. Now, he’s working his dream job @tuple. Get his full story on The ReadME Project:
https://github.com/readme/guides/publishing-your-work
0
2
3
reposted by
Nicolas Grégoire
The Hacker's Choice (1995)
6 months ago
THC Release 💥: The world’s largest IP<>Domain database:
ip.thc.org
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free. Updated monthly. Try: curl
ip.thc.org/1.1.1.1
Raw data (187GB):
ip.thc.org/docs/bulk-da...
(The fine work of messede 👌)
1
46
20
#Protip
Need to go really fast and HEAD is disabled? Use GET and the Range header...
6 months ago
0
5
0
reposted by
Nicolas Grégoire
Phrack Zine
7 months ago
The wait is over! Phrack 72 40th Anniversary Edition is available now. Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄 No need to go to rely on the warez scene with scans anymore 😅 Order here:
www.lulu.com/shop/phrack-...
1
32
18
reposted by
Nicolas Grégoire
The Hacker's Choice (1995)
7 months ago
THC Release: 🎄Smallest SSHD backdoor🎄 - Does not add any new file - Survives apt-update - Does not use PAM or authorized_keys Just SSHD trickery....adds one line only. More at
thc.org/tips
👌
1
18
4
Looking for a Christmas gift for yourself?
#burp
#training
#2026 There’s 9 seats left for the English-speaking session, and 5 for the French-speaking one
add a skeleton here at some point
7 months ago
0
4
3
Great article 💎
add a skeleton here at some point
7 months ago
0
6
0
Printed version of Paged Out #7, collected during GreHack 2025 🤩
7 months ago
0
6
1
This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF But we found a dumb bypass 😎
add a skeleton here at some point
7 months ago
0
4
1
reposted by
Nicolas Grégoire
Molly White
7 months ago
www.citationneeded.news/issue-91/#tr...
loading . . .
Issue 91 – GDP on the blockchain
The regulator set to take on primary crypto oversight is down to a single Commissioner, and new pro-crypto PACs focus on installing more Republicans in the midterms
https://www.citationneeded.news/issue-91/#trump-family-business-interests
0
47
3
reposted by
Nicolas Grégoire
ANSSI
7 months ago
📜 L’4N551 4 un3 m1551on 9our vou5. S1 vou5 l’4cc3973z, vou5 s3r3z 4m3n3 4 : *53rv1r l’1nt3r37 g3n3r4l 37 9ro73g3r l4 N471on f4c3 4 l4 m3n4c3 cy83r ; *1nc4rn3r l’3xc3ll3nc3 fr4nç4153 3n m4713r3 d3 cy83rd3f3n53. 9our 7rouv3r vo7r3 m1551on : 🔗
www.welcometothejungle.com/fr/companies...
0
8
7
Stealth (from Team-Teso, Phrack staff and other groups) passed away earlier this year 😢 I didn't know him personally, but his groundbreaking research has been a constant influence on my career
www.thc.org/404/
loading . . .
https://www.thc.org/404/
7 months ago
0
5
0
Here's the recording of the stream we made earlier this week with
@laluka.bsky.social
,
@thesytten.bsky.social
and
@rhynorater.bsky.social
If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅
www.youtube.com/watch?v=JvUm...
loading . . .
EP 208 EN | Caido de Noel ? Ft. @Agarri_FR @Rhynorater @TheSytten
YouTube video by Laluka
https://www.youtube.com/watch?v=JvUmHkUXed8
7 months ago
0
4
0
reposted by
Nicolas Grégoire
Matt Blaze
7 months ago
I really want to know the full story behind this epic hack, and yet I also hope it is never solved.
add a skeleton here at some point
14
331
79
reposted by
Nicolas Grégoire
Samuel Groß
7 months ago
I've uploaded the slides of my recent talk "JS Engine Security in 2025":
saelo.github.io/presentation...
. I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides). Fantastic conference as usual, big thanks to the PoC Crew!
loading . . .
https://saelo.github.io/presentations/poc_25_js_engine_security_in_2025.pdf
0
22
11
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅 - March 24th to 27th, in French 🇫🇷 - April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
loading . . .
Agarri
Training
https://hackademy.agarri.fr/2026
7 months ago
0
8
8
A little command-line trick... 🛠️ 🤓 You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell: cat /etc/passwd | rev | sort | rev
7 months ago
1
0
1
La Quadrature du Net n'est pas contente des récents articles sur GrapheneOS, et elle a bien raison ! 👿 🇫🇷
add a skeleton here at some point
7 months ago
0
2
0
reposted by
Nicolas Grégoire
Evariste
8 months ago
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better:
github.com/luigigubello...
loading . . .
GitHub - luigigubello/bsides-2025: My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 202...
My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 2025. - luigigubello/bsid...
https://github.com/luigigubello/bsides-2025
0
5
4
reposted by
Nicolas Grégoire
Juliet Turner
7 months ago
POV: you are a young woman celebrating a recent academic success
3134
20274
4013
reposted by
Nicolas Grégoire
7 months ago
0
10
1
7 months ago
0
10
1
reposted by
Nicolas Grégoire
Laluka
7 months ago
Hoy, c'est CE SOIR à 21H ! Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping ! Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ ! Ah, et des goodies à gagner aussi, bc why not ! 🙃
add a skeleton here at some point
0
2
2
reposted by
Nicolas Grégoire
NorthSec
7 months ago
🔗 Conférence complète/Full Talk:
youtu.be/pq0NMN9HHOY
🎟️ Billets/Tickets NorthSec 2026:
nsec.io
#NorthSec
#cybersecurity
#infosec
loading . . .
NorthSec 2025 - Wendy Nather - Keynote: A Tabletop As Big As the World
YouTube video by NorthSec
https://youtu.be/pq0NMN9HHOY
0
3
2
Argument injection (and RCE) in three distinct AI agents
blog.trailofbits.com/2025/10/22/p...
loading . . .
Prompt injection to RCE in AI agents
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
https://blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents/
8 months ago
0
8
5
How the hack of a card shuffler presented at Blackhat 2023 by IOActive was used IRL by the mafia and some NBA members
archive.is/7Pm1E
loading . . .
https://archive.is/7Pm1E
8 months ago
0
1
1
reposted by
Nicolas Grégoire
Laluka
8 months ago
LA soirée du 200ème épisode est annoncée ! 👀 RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) : 💌
www.twitch.tv/thelaluka
💌
0
9
9
AppSec Ezine - 612th edition
#AppSec
#Security
📚
pathonproject.com/zb/?2aa664fa...
loading . . .
AppSec Ezine
https://pathonproject.com/zb/?2aa664faaf82292f#ZEfzy8qLJVy7uGGCPcDICfyL/lPz6UFi3aDFr8IvIrA=
8 months ago
0
0
0
Both Chrome and Firefox will disable XSLT in 2026 🪦 I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates)
bugzilla.mozilla.org/show_bug.cgi...
developer.chrome.com/docs/web-pla...
8 months ago
1
3
0
Load more
feeds!
log in