Nicolas Grégoire
@agarri.fr
Web hacker 😈
Burp Suite Pro trainer 👨🏫
Maintainer of @mastering-burp.agarri.fr 🛠️
Burp Suite Pro trainer 👨🏫
Maintainer of @mastering-burp.agarri.fr 🛠️
Pinned
Agarri
Training
hackademy.agarri.fr
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Reposted by Nicolas Grégoire
I really want to know the full story behind this epic hack, and yet I also hope it is never solved.
It's my favorite day! It's the 38th anniversary of the Max Headroom signal broadcast intrusion!
1st incident lasted 25s during the 9PM news on WGN-TV in Chicago; The 2nd, 2hrs later, lasted ~90s on PBS affiliate WTTW during Dr. Who.
You can watch it here: www.youtube.com/watch?v=oqge...
1st incident lasted 25s during the 9PM news on WGN-TV in Chicago; The 2nd, 2hrs later, lasted ~90s on PBS affiliate WTTW during Dr. Who.
You can watch it here: www.youtube.com/watch?v=oqge...
Max Headroom 1987 Broadcast Signal Intrusion Incident
YouTube video by andrew867
www.youtube.com
November 22, 2025 at 7:50 PM
I really want to know the full story behind this epic hack, and yet I also hope it is never solved.
Reposted by Nicolas Grégoire
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
saelo.github.io
November 24, 2025 at 9:58 AM
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
Agarri
Training
hackademy.agarri.fr
November 24, 2025 at 10:14 AM
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published 📅
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
- March 24th to 27th, in French 🇫🇷
- April 14th to 17th, in English 🇬🇧
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon 🎁
A little command-line trick... 🛠️ 🤓
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
November 23, 2025 at 3:14 PM
A little command-line trick... 🛠️ 🤓
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
You can use `rev` twice in order to process something from right to left. For example, in order to sort /etc/passwd by shell:
cat /etc/passwd | rev | sort | rev
La Quadrature du Net n'est pas contente des récents articles sur GrapheneOS, et elle a bien raison ! 👿 🇫🇷
Deux articles du Parisien hier, suivis aujourd'hui d'un article du Figaro, ont lancé une offensive honteuse contre GrapheneOS, un système d'exploitation open-source pour téléphones, gratuit et accessible à tous et toutes.
archive.is/202511190825...
archive.is/202511190825...
archive.is
November 21, 2025 at 11:08 AM
La Quadrature du Net n'est pas contente des récents articles sur GrapheneOS, et elle a bien raison ! 👿 🇫🇷
Reposted by Nicolas Grégoire
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
GitHub - luigigubello/bsides-2025: My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 202...
My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 2025. - luigigubello/bsid...
github.com
November 10, 2025 at 9:39 AM
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
Reposted by Nicolas Grégoire
POV: you are a young woman celebrating a recent academic success
November 17, 2025 at 7:20 PM
POV: you are a young woman celebrating a recent academic success
Reposted by Nicolas Grégoire
Reposted by Nicolas Grégoire
Hoy, c'est CE SOIR à 21H !
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
LA soirée du 200ème épisode est annoncée ! 👀
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
November 18, 2025 at 9:22 AM
Hoy, c'est CE SOIR à 21H !
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
Dernier heads-up, mettez votre meilleur rappel / mémo / réveil, ou demandez à votre chat de vous ping !
Au programme : Hack Web / Hack IoT / Devops / Troll / Stories / CLI Tools / AI / Red-Team & Le QUIZZ !
Ah, et des goodies à gagner aussi, bc why not ! 🙃
Reposted by Nicolas Grégoire
🔗 Conférence complète/Full Talk: youtu.be/pq0NMN9HHOY
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
NorthSec 2025 - Wendy Nather - Keynote: A Tabletop As Big As the World
YouTube video by NorthSec
youtu.be
November 16, 2025 at 8:48 PM
🔗 Conférence complète/Full Talk: youtu.be/pq0NMN9HHOY
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
🎟️ Billets/Tickets NorthSec 2026: nsec.io
#NorthSec #cybersecurity #infosec
How the hack of a card shuffler presented at Blackhat 2023 by IOActive was used IRL by the mafia and some NBA members
archive.is/7Pm1E
archive.is/7Pm1E
archive.is
November 16, 2025 at 3:15 AM
How the hack of a card shuffler presented at Blackhat 2023 by IOActive was used IRL by the mafia and some NBA members
archive.is/7Pm1E
archive.is/7Pm1E
Reposted by Nicolas Grégoire
LA soirée du 200ème épisode est annoncée ! 👀
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
November 13, 2025 at 4:06 PM
LA soirée du 200ème épisode est annoncée ! 👀
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
RDV ce Mardi 18 à 21h sur (oui comme d'hab en fait..) :
💌 www.twitch.tv/thelaluka 💌
Both Chrome and Firefox will disable XSLT in 2026 🪦
I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates)
bugzilla.mozilla.org/show_bug.cgi...
developer.chrome.com/docs/web-pla...
I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates)
bugzilla.mozilla.org/show_bug.cgi...
developer.chrome.com/docs/web-pla...
November 12, 2025 at 4:10 PM
Both Chrome and Firefox will disable XSLT in 2026 🪦
I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates)
bugzilla.mozilla.org/show_bug.cgi...
developer.chrome.com/docs/web-pla...
I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates)
bugzilla.mozilla.org/show_bug.cgi...
developer.chrome.com/docs/web-pla...
Reposted by Nicolas Grégoire
The release candidate of the OWASP Top 10 2025 has been released
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
Introduction - OWASP Top 10:2025 RC1
OWASP Top 10:2025 RC1
owasp.org
November 7, 2025 at 12:19 PM
The release candidate of the OWASP Top 10 2025 has been released
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
Bizarrement, personne ne brandit l’article 40 du CPP pour les vidéos de Sainte-Soline publiées par Libération… 🥴
www.dailymotion.com/video/k1Tvpm...
www.dailymotion.com/video/k1Tvpm...
Tirs interdits et volonté de blesser : révélations sur les violences des gendarmes à Sainte-Soline
Dailymotion video by Libération
www.dailymotion.com
November 9, 2025 at 6:58 PM
Bizarrement, personne ne brandit l’article 40 du CPP pour les vidéos de Sainte-Soline publiées par Libération… 🥴
www.dailymotion.com/video/k1Tvpm...
www.dailymotion.com/video/k1Tvpm...
The release candidate of the OWASP Top 10 2025 has been released
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
Introduction - OWASP Top 10:2025 RC1
OWASP Top 10:2025 RC1
owasp.org
November 7, 2025 at 12:19 PM
The release candidate of the OWASP Top 10 2025 has been released
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
owasp.org/Top10/2025/0...
The definitive release should be out on November 20th
Reposted by Nicolas Grégoire
If you still haven't: set up a JS file monitor to send you notifications via Telegram or Slack every time your target app JavaScript gets updated, a great way to stay on top of updates 👾
https://github.com/robre/jsmon
There's also a fork with Discord support:
https://github.com/robre/jsmon
There's also a fork with Discord support:
GitHub - seczq/jsmon: a javascript change monitoring tool for bugbounties
a javascript change monitoring tool for bugbounties - GitHub - seczq/jsmon: a javascript change monitoring tool for bugbounties
github.com
November 7, 2025 at 9:38 AM
If you still haven't: set up a JS file monitor to send you notifications via Telegram or Slack every time your target app JavaScript gets updated, a great way to stay on top of updates 👾
https://github.com/robre/jsmon
There's also a fork with Discord support:
https://github.com/robre/jsmon
There's also a fork with Discord support:
Reposted by Nicolas Grégoire
"who radicalized you"
Nothing radicalized me, I was born with basic empathy. The world decided that was radical.
Nothing radicalized me, I was born with basic empathy. The world decided that was radical.
November 5, 2025 at 5:47 PM
"who radicalized you"
Nothing radicalized me, I was born with basic empathy. The world decided that was radical.
Nothing radicalized me, I was born with basic empathy. The world decided that was radical.
If you want to see beautiful pictures (and that’s an euphemism) in your feed, simply follow @armandsarlangue.bsky.social
November 7, 2025 at 8:15 AM
If you want to see beautiful pictures (and that’s an euphemism) in your feed, simply follow @armandsarlangue.bsky.social
If this is NOT corruption, then I wonder what corruption looks like 🤔
Newsletter: Faced with blowback over his pardon of Binance founder Changpeng Zhao, President Trump has offered a curious defense: he doesn’t even know the guy.
Trump says he has “no idea” who he just pardoned
President Trump reacts to condemnations of his recent pardon of Binance founder Changpeng Zhao by claiming he doesn’t know who he is.
www.citationneeded.news
November 7, 2025 at 7:20 AM
If this is NOT corruption, then I wonder what corruption looks like 🤔
Reposted by Nicolas Grégoire
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia:
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and in...
techcrunch.com
November 4, 2025 at 9:16 PM
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia:
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity
techcrunch.com/2025/11/03/h...
#exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity