Nicolas Grégoire
agarri.fr
Nicolas Grégoire
@agarri.fr
Web hacker 😈
Burp Suite Pro trainer 👨‍🏫
Maintainer of @mastering-burp.agarri.fr 🛠️
La Quadrature du Net is not happy about the recent articles on GrapheneOS, and rightly so! 👿 🇫🇷
Two articles in Le Parisien yesterday, followed today by an article in Le Figaro, launched a shameful offensive against GrapheneOS, an open-source operating system for phones, free and accessible to everyone.

archive.is/202511190825...
archive.is
November 21, 2025 at 11:08 AM
Reposted by Nicolas Grégoire
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
GitHub - luigigubello/bsides-2025: My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 202...
My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 2025. - luigigubello/bsid...
github.com
November 10, 2025 at 9:39 AM
Reposted by Nicolas Grégoire
POV: you are a young woman celebrating a recent academic success
November 17, 2025 at 7:20 PM
Reposted by Nicolas Grégoire
November 19, 2025 at 8:13 PM
Reposted by Nicolas Grégoire
Hey, it's TONIGHT at 9 PM!

Last heads-up: set your best reminder / memo / alarm, or ask your cat to ping you!

On the program: Web Hacking / IoT Hacking / DevOps / Troll / Stories / CLI Tools / AI / Red Team & THE QUIZ!

Oh, and goodies to win too, bc why not! 🙃
THE 200th-episode night has been announced! 👀
See you this Tuesday the 18th at 9 PM on (yes, as usual, really..):
💌 www.twitch.tv/thelaluka 💌
November 18, 2025 at 9:22 AM
Reposted by Nicolas Grégoire
🔗 Full Talk: youtu.be/pq0NMN9HHOY
🎟️ Tickets NorthSec 2026: nsec.io

#NorthSec #cybersecurity #infosec
NorthSec 2025 - Wendy Nather - Keynote: A Tabletop As Big As the World
YouTube video by NorthSec
youtu.be
November 16, 2025 at 8:48 PM
Argument injection (and RCE) in three distinct AI agents

blog.trailofbits.com/2025/10/22/p...
Prompt injection to RCE in AI agents
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
blog.trailofbits.com
November 16, 2025 at 3:16 AM
How the hack of a card shuffler presented at Blackhat 2023 by IOActive was used IRL by the mafia and some NBA members

archive.is/7Pm1E
archive.is
November 16, 2025 at 3:15 AM
Reposted by Nicolas Grégoire
THE 200th-episode night has been announced! 👀
See you this Tuesday the 18th at 9 PM on (yes, as usual, really..):
💌 www.twitch.tv/thelaluka 💌
November 13, 2025 at 4:06 PM
AppSec Ezine - 612th edition #AppSec #Security 📚

pathonproject.com/zb/?2aa664fa...
AppSec Ezine
pathonproject.com
November 14, 2025 at 12:48 PM
Both Chrome and Firefox will disable XSLT in 2026 🪦

I fully agree with them: nobody uses this technology anymore in a browser, and it's full of bugs (as my previous research demonstrates)

bugzilla.mozilla.org/show_bug.cgi...

developer.chrome.com/docs/web-pla...
November 12, 2025 at 4:10 PM
Reposted by Nicolas Grégoire
The release candidate of the OWASP Top 10 2025 has been released

owasp.org/Top10/2025/0...

The definitive release should be out on November 20th
Introduction - OWASP Top 10:2025 RC1
OWASP Top 10:2025 RC1
owasp.org
November 7, 2025 at 12:19 PM
Strangely, nobody is invoking Article 40 of the Code of Criminal Procedure for the Sainte-Soline videos published by Libération… 🥴

www.dailymotion.com/video/k1Tvpm...
Prohibited shots and intent to injure: revelations about gendarme violence at Sainte-Soline
Dailymotion video by Libération
www.dailymotion.com
November 9, 2025 at 6:58 PM
AppSec Ezine
pathonproject.com
November 7, 2025 at 1:26 PM
Reposted by Nicolas Grégoire
If you still haven't: set up a JS file monitor to send you notifications via Telegram or Slack every time your target app JavaScript gets updated, a great way to stay on top of updates 👾

https://github.com/robre/jsmon

There's also a fork with Discord support:
GitHub - seczq/jsmon: a javascript change monitoring tool for bugbounties
a javascript change monitoring tool for bugbounties - GitHub - seczq/jsmon: a javascript change monitoring tool for bugbounties
github.com
November 7, 2025 at 9:38 AM
Reposted by Nicolas Grégoire
"who radicalized you"

Nothing radicalized me, I was born with basic empathy. The world decided that was radical.
November 5, 2025 at 5:47 PM
If you want to see beautiful pictures (and that’s a euphemism) in your feed, simply follow @armandsarlangue.bsky.social
November 7, 2025 at 8:15 AM
If this is NOT corruption, then I wonder what corruption looks like 🤔
Newsletter: Faced with blowback over his pardon of Binance founder Changpeng Zhao, President Trump has offered a curious defense: he doesn’t even know the guy.
Trump says he has “no idea” who he just pardoned
President Trump reacts to condemnations of his recent pardon of Binance founder Changpeng Zhao by claiming he doesn’t know who he is.
www.citationneeded.news
November 7, 2025 at 7:20 AM
Ackman’s take is ridiculous 🤡
It’s been fun watching Ackman flip-flop on prediction markets depending on what they show.

Sept 7: “directionally correct”, “you can have much greater confidence in the accuracy of their predictions”

Oct 28: “it takes only a small amount of capital to influence Polymarket trading levels”
November 7, 2025 at 7:06 AM
In France, we had a somewhat related story last year. In the end, Florent Curtet was sentenced for criminal conspiracy and complicity in attempted extortion

www.lemonde.fr/pixels/artic...
November 7, 2025 at 6:56 AM
Reposted by Nicolas Grégoire
This is a cool attack, create a machine running in Hyper-V on a victim's machine and do all your attacking through that while it runs in the background.

www.theregister.com/2025/11/04/r...
November 5, 2025 at 11:06 AM
Reposted by Nicolas Grégoire
Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer:

starlabs.sg/blog/2025/11...

#cybersecurity #exploitation #printer #exploit #vulnerability
November 7, 2025 at 1:14 AM