Let's talk about the "MD Auth" challenge, I admit I started with this challenge thinking it would be about "Markdown". I was wrong but it was nonetheless interesting to solve…

Last night I stumbled across an XSS in a bug bounty program, this was quite fun to exploit…

What is it ? The WHID Injector is USB Key which act as a remote keyboard. Basically it sets up a Wifi Access Point where you can connect and send whatever you want on the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and many more. What can I do ? Everything you could do with a keyboard plugged into a computer, for example : using WHID Toolkit you can spawn a reverse-shell :D Where to buy a WHID Injector ? I got mine from Aliexpress, it's also available on ebay around 15+ $ ;)…

Last year the first day of my internship I was given a computer and asked to install and secure it for two days. After that delay anyone can try to attack and compromise my machine, and if so I was welcome to buy some "French Croissants" to the team while the attacker explain his method to get access into your computer the next morning. There are some techniques you need to be aware of when you're securing your machine, the list below is not exhaustive…