Please tell your friends, four weeks before @phrack.org submission deadline! We also are seeking both interior and cover art. We are working with our friends at @pagedout.bsky.social again to create a fancy interior design for our main annual release!! Be a part of hacker history!

À 42 balais je trouve toujours absolument fantastique de pouvoir prendre un verre assis dans une boîte en métal qui roule à 300km/h tout en regardant le paysage. Petit plaisir coupable personnel !

Every time I see a feature that's supposed to happen once (applying coupon codes, making withdrawals, vote counts, redeeming invites, etc.), I try Turbo Intruder. These bugs are everywhere.

En cette chaude semaine qui commence, vous vous dites : 1️⃣ Je vais à Le Hack 2️⃣ Je vais au Hack

I'm not here to brag, but I really think that most people have no idea of the gap between their usage of Burp Suite Pro and what is actually possible...

Once again, WarConPL was a blast 👨‍💻🍽️🍺🍸🪩🕺 I hope it wasn't the last edition, despite all the rumors 🤞 And if it was, too bad & thanks antisnatchor and h0wlu for all the fish 🥰

I'll give a single public on-site Burp Suite Pro training session this year, and it will be in RomHack 🇮🇹 (registration link in replies) And if you're not sure this course would fit you, just give a look at this recent feedback

A very interesting read 💎 www.sentinelone.com/labs/fast16-...

Feeling lazy but dreaming of posting like your favorite influencer? Here's a solution ✨🤖✨ www.cringebot3000.com

Come to Roma 🇮🇹 in September and attend the only in-person public training session I'll give in 2026! 👨‍🏫 And if you like camping with other hackers (as I do), stay over the weekend for the 3-day long RomHack Camp 🏕️ romhack.io/training/

Another highly satisfied trainee 😎 👨‍🏫 If you want to take the online version of my Burp Suite course, there are two opportunities really soon (March in French, April in English) hackademy.agarri.fr/sessions And if you want to indulge your company a private session (like this company did), ping me!

Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro 👨‍🏫 Two sessions are planned (in English and French), and there are still a few spots left in each. Contact me to get an early-bird discount code! 💰

Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro 👨‍🏫 Two sessions are planned (in English and French), and there are still a few spots left in each. Contact me to get an early-bird discount code! 💰

Thanks to everyone who nominated & voted in the top ten! The panel of @irsdl.bsky.social , @agarri.fr , @liveoverflow.bsky.social and myself are hard at work reviewing the 15 finalists... we're hoping to announce the winners next week!

In case you didn't vote yet (2 days left!), let me tell you that your participation is critical 🗳️ Indeed, the panel (that I'm part of) will only process the top X results and it may contain some sh*tty entries (because of ballot stuffing 🥴) So please do your part! 🙏

It's time to vote for your favorite Web Hacking Techniques of 2025 🗳️ portswigger.net/polls/top-10...

The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅 - March 24th to 27th, in French 🇫🇷 - April 14th to 17th, in English 🇬🇧 hackademy.agarri.fr/2026 PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁

I'm slowly going though the talks from the CCC congress. Here's my favorites so far... ⤵️

Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶 annas-archive.org/blog/backing...

Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶 annas-archive.org/blog/backing...

Looks like the final OWASP Top 10 (2025) has been published: owasp.org/Top10/2025/. Based on commits, looks like this happened 5 days ago.

Good read github.com/readme/guide...

THC Release 💥: The world’s largest IP<>Domain database: ip.thc.org All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free. Updated monthly. Try: curl ip.thc.org/1.1.1.1 Raw data (187GB): ip.thc.org/docs/bulk-da... (The fine work of messede 👌)

#Protip Need to go really fast and HEAD is disabled? Use GET and the Range header...

The wait is over! Phrack 72 40th Anniversary Edition is available now. Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄 No need to go to rely on the warez scene with scans anymore 😅 Order here: www.lulu.com/shop/phrack-...

THC Release: 🎄Smallest SSHD backdoor🎄 - Does not add any new file - Survives apt-update - Does not use PAM or authorized_keys Just SSHD trickery....adds one line only. More at thc.org/tips 👌

Looking for a Christmas gift for yourself? #burp #training #2026 There’s 9 seats left for the English-speaking session, and 5 for the French-speaking one

Great article 💎

Printed version of Paged Out #7, collected during GreHack 2025 🤩

This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF But we found a dumb bypass 😎

📜 L’4N551 4 un3 m1551on 9our vou5. S1 vou5 l’4cc3973z, vou5 s3r3z 4m3n3 4 : *53rv1r l’1nt3r37 g3n3r4l 37 9ro73g3r l4 N471on f4c3 4 l4 m3n4c3 cy83r ; *1nc4rn3r l’3xc3ll3nc3 fr4nç4153 3n m4713r3 d3 cy83rd3f3n53. 9our 7rouv3r vo7r3 m1551on : 🔗 www.welcometothejungle.com/fr/companies...

Stealth (from Team-Teso, Phrack staff and other groups) passed away earlier this year 😢 I didn't know him personally, but his groundbreaking research has been a constant influence on my career www.thc.org/404/

Here's the recording of the stream we made earlier this week with @laluka.bsky.social, @thesytten.bsky.social and @rhynorater.bsky.social If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅 www.youtube.com/watch?v=JvUm...

I really want to know the full story behind this epic hack, and yet I also hope it is never solved.

I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides). Fantastic conference as usual, big thanks to the PoC Crew!

The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅 - March 24th to 27th, in French 🇫🇷 - April 14th to 17th, in English 🇬🇧 hackademy.agarri.fr/2026 PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁

A little command-line trick... 🛠️ 🤓 You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell: cat /etc/passwd | rev | sort | rev

La Quadrature du Net n'est pas contente des récents articles sur GrapheneOS, et elle a bien raison ! 👿 🇫🇷

This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...

POV: you are a young woman celebrating a recent academic success

Hoy, c'est CE SOIR à 21H ! Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping ! Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ ! Ah, et des goodies à gagner aussi, bc why not ! 🙃

🔗 Conférence complète/Full Talk: youtu.be/pq0NMN9HHOY 🎟️ Billets/Tickets NorthSec 2026: nsec.io #NorthSec #cybersecurity #infosec

Argument injection (and RCE) in three distinct AI agents blog.trailofbits.com/2025/10/22/p...

How the hack of a card shuffler presented at Blackhat 2023 by IOActive was used IRL by the mafia and some NBA members archive.is/7Pm1E

LA soirée du 200ème épisode est annoncée ! 👀 RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) : 💌 www.twitch.tv/thelaluka 💌

AppSec Ezine - 612th edition #AppSec #Security 📚 pathonproject.com/zb/?2aa664fa...

Both Chrome and Firefox will disable XSLT in 2026 🪦 I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates) bugzilla.mozilla.org/show_bug.cgi... developer.chrome.com/docs/web-pla...