I generated a few entries and posted the worst (or the best? 🤔) on LinkedIn 🤪 www.linkedin.com/feed/update/...
Posts by Nicolas Grégoire
Feeling lazy but dreaming of posting like your favorite influencer?
Here's a solution ✨🤖✨ www.cringebot3000.com
Come to Roma 🇮🇹 in September and attend the only in-person public training session I'll give in 2026! 👨🏫
And if you like camping with other hackers (as I do), stay over the weekend for the 3-day long RomHack Camp 🏕️
romhack.io/training/
Last week, I had the opportunity to attend the 4-day Mastering Burp Suite Pro training by 🛠️ Nicolas Gregoire, and it exceeded my expectations by far. This wasn’t just another slide-driven course. Nicolas took the time to answer every question in depth and provided plenty of hands-on labs, allowing us to immediately apply what had just been explained. Even though I’ve been working with Burp for nearly five years, I still picked up a surprising number of new techniques and practical tricks, including ways to streamline otherwise time-consuming workflows such as managing CSRF tokens both with and without session handling rules. What I especially appreciated were the little side explorations (driven by our requests) into methodologies for leveraging features and extensions to remain stealthy or bypass WAFs. This is something that’s particularly relevant (and often underestimated) when exploiting external or internal web applications during advanced Red Team engagements. I’m genuinely looking forward to applying this newly gained knowledge in upcoming projects, and I can wholeheartedly recommend this training to any (web) pentester who wants to level up their Burp skills. Big thanks to Nicolas for an excellent and highly practical course!
Another highly satisfied trainee 😎 👨🏫
If you want to take the online version of my Burp Suite course, there are two opportunities really soon (March in French, April in English) hackademy.agarri.fr/sessions
And if you want to indulge your company with a private session (like this company did), ping me!
Spring is just around the corner, and that's when I offer online training courses on Burp Suite Pro 👨🏫 Two sessions are planned (in English and French), and there are still a few spots left in each.
Contact me to get an early-bird discount code! 💰
Thanks to everyone who nominated & voted in the top ten! The panel of @irsdl.bsky.social , @agarri.fr , @liveoverflow.bsky.social and myself are hard at work reviewing the 15 finalists... we're hoping to announce the winners next week!
In case you didn't vote yet (2 days left!), let me tell you that your participation is critical 🗳️
Indeed, the panel (that I'm part of) will only process the top X results and it may contain some sh*tty entries (because of ballot stuffing 🥴)
So please do your part! 🙏
It's time to vote for your favorite Web Hacking Techniques of 2025 🗳️
portswigger.net/polls/top-10...
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
I'm slowly going through the talks from the CCC congress. Here are my favorites so far... ⤵️
Anna’s Archive is an incredible project aimed at preserving humanity’s knowledge and culture
Their latest exploit is a near-full backup of Spotify. It includes 86 million songs, representing around 99.6% of listens 🎶
annas-archive.org/blog/backing...
Looks like the final OWASP Top 10 (2025) has been published: owasp.org/Top10/2025/.
Based on commits, looks like this happened 5 days ago.
THC Release 💥: The world’s largest IP<>Domain database: ip.thc.org
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl ip.thc.org/1.1.1.1
Raw data (187GB): ip.thc.org/docs/bulk-da...
(The fine work of messede 👌)
#Protip Need to go really fast and HEAD is disabled?
Use GET and the Range header...
The wait is over! Phrack 72 40th Anniversary Edition is available now.
Order straight to your doorstep — the perfect gift for your fellow hacker, just in time for the holidays 🎄
No need to rely on the warez scene with scans anymore 😅
Order here: www.lulu.com/shop/phrack-...
THC Release: 🎄Smallest SSHD backdoor🎄
- Does not add any new file
- Survives apt-update
- Does not use PAM or authorized_keys
Just SSHD trickery....adds one line only.
More at thc.org/tips 👌
Looking for a Christmas gift for yourself? #burp #training #2026
There are 9 seats left for the English-speaking session, and 5 for the French-speaking one
Great article 💎
Printed version of Paged Out #7, collected during GreHack 2025 🤩
This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF
But we found a dumb bypass 😎
www.citationneeded.news/issue-91/#tr...
📜 ANSSI has a mission for you.
If you accept it, you will be called upon to:
* serve the general interest and protect the Nation against the cyber threat;
* embody French excellence in cyber defence.
To find your mission:
🔗 www.welcometothejungle.com/fr/companies...
Stealth (from Team-Teso, Phrack staff and other groups) passed away earlier this year 😢
I didn't know him personally, but his groundbreaking research has been a constant influence on my career
www.thc.org/404/
Here's the recording of the stream we made earlier this week with @laluka.bsky.social, @thesytten.bsky.social and @rhynorater.bsky.social
If you speak French, you may appreciate its title: "Caido de Noël" 😄 🎁 🎅
www.youtube.com/watch?v=JvUm...
I really want to know the full story behind this epic hack, and yet I also hope it is never solved.