doomerhunter (Victor Poucheret)
@DoomerOutrun
Exterminator H1-6102 Salesforce | Most Impactful Team H1-0131 AWS x Amazon | Best collab H1-407 - Epic Games | Bootstrapped a 7 figs biz | Victor Poucheret
We just made ~150 000$ hacking on AWS at #H1-0131 with @Geluchat, winning the Most Impactful Team trophy! LHEs are incredible for the mind-blowing bugs found by elite hackers! GGs to the @awscloud, @amazon and @Hacker0x01 teams that did a wonderful job throughout this LHE!


I will now exclusively submit reports using video pocs in this tiktok format
Exploit write-ups for our 🚨latest 0-day🚨and the tragedy that swept the red black tree family dropping soon 👀 Here is a tiktok style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!
Hack in Milan : Went on a trip, found a few crits with the boys @Geluchat @n1nj4sec :D Check out the edit below. 📣 Nujabes - Feather Really great challenge by @Hacker0x01 can't wait for the next one !
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
Sadly, my talk on AI Hackbots was turned down at @UYBHYS ! Where should I perform it now ? :D

Ready to explore how AI is transforming Ethical Hacking? We've put together some introductory hands-on examples including: 🔍 Recon & Discovery Contextual subdomain enum, screenshot analysis, and content discovery ⚡ Exploit Development Automated vulnerability detection 🤖…
RCE is definitely one of the best feelings you can get. Fun ride with the bros @Geluchat and @n1nj4sec Still took 2 weeks of research tho (and vibe hacking that I'm guilty of...)

Vibe hacking : Besides creating complex PoCs recently with agents, I've been using @NotebookLM to increase my efficiency. Pretty crazy increase in performance on my side, ranging from : - Providing perfect context to my AI agents to generate PoCs (got a couple very severe bugs…


Got the cutest fridge magnet after the @Hacker0x01 Milan event 🥹

Might be quite interesting for the AWS hackers out there
In case anyone is worried I have inside knowledge or broke an NDA for this.....I didn't. This is publicly available information that gets scraped by my automation automatically. You can find this API model here: a.b.cdn.console.awsstatic.com/a/v1/O3C7AW23Z… Publicly available, without auth :)
I thought Golang had pretty secure defaults for parsing JSON, XML, YAML. But apparently there are some unexpected security footguns... @trailofbits' Vasco Franco explores unexpected behaviors in Go's JSON, XML, and YAML parsers that can lead to security vulnerabilities,…
Does your WAF use IP restrictions, or are they more like IP recommendations? @nyxgeek reveals the difference between RemoteAddr and SocketAddr, a distinction that could create a 'sleeper' rule that looks secure but is easily bypassed. trustedsec.com/blog/azures-fr…
Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:
Perhaps one of the most badass CVE's I've ever seen from @midwestneil 💪😤 cisa.gov/news-events/ic…
bugzilla.mozilla.org/show_bug.cgi?i… This is a big change for DOM Clobberers. Firefox Nightly no longer allows native document properties to be overwritten by elements with a name attr, e.g.: <img src=a name=currentScript> <script> alert(document.currentScript)// HTMLScriptElement </script>
It popped :D Now onto the post-exp with the bros @Geluchat and @n1nj4sec 😏
Vibe hacking a complex SSRF with Claude Code is a special feeling 🔥. Will keep you updated if we pop it, it's gonna be crazy
Did everyone know this but me? GRC allows you to colorize your nginx logs, what a lifesaver when you're working on these tricky SSRFs

While researching old blog posts, I found this: amlw.dev/vrp/135276622/ It reminds me to start fuzzing everything, no matter how silly it seems.
