Maltemo
@maltemo.bsky.social
🇫🇷 - Security auditor. In my free time, interested in development, OSINT & Forensic. Eclectic hobbies and interests.
Blog : https://maltemo.github.io
Would you read your fuzzing wordlist before using it?

What if there is a destructive query or an attacker payload inside?

github.com/danielmiessl...
[Bug report]: Potential dangerous line in file `wso2-enterprise-integrator.txt` · Issue #1267 · danielmiessler/SecLists
I discovered while using the wordlist wso2-enterprise-integrator.txt that one of its entries tries to exploit what seems to be an SSRF to an (external or local?) server: carbon/wsdl2code/index.jsp?ge...
github.com
December 4, 2025 at 4:00 PM
Reposted by Maltemo
Now live on tools.honoki.net/smuggler.html

Let me know what you think! ✨
July 22, 2025 at 1:38 PM
Reposted by Maltemo
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥

The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇

gmsgadget.com

1/4
July 24, 2025 at 3:31 PM
Reposted by Maltemo
Today was my last day as a pentester at Bsecure. After a three-year journey of hunting on the side, I’m ready to go all-in as a full-time bug bounty hunter. You can read about my journey from pentester to full-time hunter here: gelu.chat/posts/from-p...
Finding Freedom, One Bug at a Time: My Journey from Pentester to Full-Time Hunter
After seven years in pentesting, I transitioned full-time into bug bounty hunting, leveraging deep experience and continuous learning. This article shares key moments and insights from that journey.
gelu.chat
July 4, 2025 at 3:09 PM
Reposted by Maltemo
Documented, sourced, thumbnailed, all that's left is to... sip! 🎁
Cc @maltemo.bsky.social 🤝 @KharaTheOne (X)

www.youtube.com/live/we_T4x6...
May 2, 2025 at 5:49 PM
Interesting: official attribution by the French state of the TV5 Monde attack to APT28, which belongs to the GRU.

bsky.app/profile/gabr...
April 29, 2025 at 3:44 PM
Reposted by Maltemo
Firefox treats multipart/x-mixed-replace like HTML. Chrome doesn’t.
That tiny difference? It can turn a "non-exploitable" XSS into a real one.
Abuse boundary handling, bypass filters, and make your payload land.

thespanner.co.uk/making-the-u...
Making the Unexploitable Exploitable with X-Mixed-Replace on Firefox - The Spanner
In this post, we’ll look at an interesting difference in how Firefox and Chrome handle the multipart/x-mixed-replace content type. While Chrome treats it as an image, Firefox renders it as HTML - some...
thespanner.co.uk
April 25, 2025 at 9:50 PM
Reposted by Maltemo
Blip @maltemo.bsky.social Bloup @KharaTheOne (X) Boum 💣️
www.twitch.tv/thelaluka
April 28, 2025 at 10:59 AM
Reposted by Maltemo
Do you use WebSockets? Read our latest blog post to find out how modern browsers may (or may not) be protecting you from Cross-Site WebSocket Hijacking.

blog.includesecurity.com/2025/04/cros...
Cross-Site WebSocket Hijacking Exploitation in 2025 - Include Security Research Blog
Include Security's latest blog post covers Cross-Site WebSocket Hijacking and how modern browser security features do (or don't) protect users. We discuss Total Cookie Protection in Firefox, Private N...
blog.includesecurity.com
April 17, 2025 at 7:59 PM
I was reading Chromium source code from a website that doesn’t have a search bar or any indexing and searched my way with Google dorks: chromium.googlesource.com/chromium/src...

I just discovered there is an indexed version featuring function hovering and linking 🤦‍♂️:
source.chromium.org/chromium/chr...
/ - chromium/src - Git at Google
chromium.googlesource.com
March 28, 2025 at 8:53 AM
Reposted by Maltemo
🔥 My Black Hat talk is now live! 🎥

Watch how email parsing quirks turned into RCE in Joomla and critical access control bypasses across major platforms. See how these subtle flaws led to serious exploits!

www.youtube.com/watch?v=Uky4...
Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls
YouTube video by Black Hat
www.youtube.com
March 20, 2025 at 12:41 PM
Reposted by Maltemo
You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study.

portswigger.net/research/sam...
SAML roulette: the hacker always wins
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library
portswigger.net
March 18, 2025 at 2:57 PM
Reposted by Maltemo
Great resource on secret leakage, I invite you to read it.
The State of Secrets Sprawl Report | GitGuardian
www.gitguardian.com
March 12, 2025 at 11:42 AM
Reposted by Maltemo
I published my Documentation of CAN Arsenal for @kalilinux NetHunter

👇👇👇

v0lk3n.github.io/NetHunter/CA...

It should be released as an experimental version in 2025.1!

I will keep updating it and add functionality to it!

@yesimxev @kimocoder
#NetHunter #KaliLinux #CarHacking #CANBus
February 12, 2025 at 12:37 AM
Reposted by Maltemo
A few weeks ago, I learned about the Okta Bcrypt incident from the @gergely.pragmaticengineer.com newsletter, and it made me wonder about the API choices by crypto libraries that allowed this incident to go unnoticed for years. My new post explores the topic. Enjoy! =)
n0rdy.foo/posts/202501...
n0rdy - What Okta Bcrypt incident can teach us about designing better APIs
n0rdy.foo
January 22, 2025 at 5:50 PM
Reposted by Maltemo
Health insurance OK???
COOL! Part 2/3 then!

www.youtube.com/watch?v=CKqr...
February 4, 2025 at 3:24 PM
Reposted by Maltemo
Hi it's me again, I've been calling for a while now, you need to pay your health insurance Sir...
Or have some replays? 😏

The latest Techno Watch with @Drypaints @Maltemo and @pentest_swissky! 🌿

www.youtube.com/watch?v=ysen...

1/2
EP 177 | Techno Watch January Ft. @Drypaints @Maltemo @pentest_swissky
YouTube video by Laluka
www.youtube.com
February 3, 2025 at 3:30 PM
Reposted by Maltemo
Yo! 🌿
Tech watch sessions resume tonight at 9 PM! 🌖
Joined by @drypaint.bsky.social @maltemo.bsky.social @swissky.bsky.social 😎

~ See you there ~
www.twitch.tv/thelaluka
January 28, 2025 at 5:47 PM
Question about Trusted Types:
What blocks an attacker from creating its own TrustedTypePolicy from the TrustedTypePolicyFactory with a function that doesn’t sanitize input data? Am I missing something?
January 28, 2025 at 10:12 AM
Reposted by Maltemo
Hot out of the oven! The Cookie Sandwich – a technique that lets you bypass the HttpOnly protection! This isn't your average dessert; it’s a recipe for disaster if your app isn’t prepared: portswigger.net/research/ste...
Stealing HttpOnly cookies with the cookie sandwich technique
In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie
portswigger.net
January 22, 2025 at 3:06 PM
@fox0x01.bsky.social just reported an account trying to impersonate you: [@]foxox01.bsky.social
January 8, 2025 at 3:09 PM
Reposted by Maltemo
Somebody uploaded to SlideShare the slides of my talk at @northsec.bsky.social 2023 🌐

It’s the sequel of the first @burpsuite.bsky.social talk I ever gave, exactly 10 years before 🛠️

Enjoy these 50 slides of Burp tips 🎁🎅
Burp suite pro tips and tricks for hacking
Burp suite pro tips and tricks for hacking - Download as a PDF or view online for free
slideshare.net
December 23, 2024 at 10:00 PM
Reposted by Maltemo
hear me out, pass the certificate auth on nxc 🔥
December 31, 2024 at 5:11 PM
Reposted by Maltemo
Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃
December 12, 2024 at 3:59 PM
Just discovered this nice resource about DOM Clobbering attacks:
domclob.xyz

Thank you Soheil for this amazing work
DOM Clobbering
DOM Clobbering Wiki
domclob.xyz
November 26, 2024 at 10:56 PM