Hack'n Speak
By mpgn
Bienvenue sur le podcast francophone Hack'n Speak ! Notre but est de partager la voix de nos 'hacker' à travers leurs outils / recherches.
Hack'n SpeakMay 15, 2023
00:00
01:10:49
0x1E - @Agarri_FR | Un peu d'histoire, la formation Mastering Burp Suite Pro, le bug bounty (XXE, XSLT, SSRF)
Twitter Agarri: https://twitter.com/Agarri_FR
Formation Burp Suite: https://hackademy.agarri.fr/
Twitter MasteringBurp : https://twitter.com/MasteringBurp
Blog Agarri : https://www.agarri.fr/fr
mpgn: https://twitter.com/mpgn_x64
May 15, 202301:10:49
0x1D - @palenath | De l'OSINT, un workshop à Interpol, de l'open source
palenath : https://twitter.com/palenath
Github: https://github.com/megadose/
Site OSINT FR: https://osintfr.com/
Discord OSINT FR: https://discord.gg/dWY9sWFKYD
Epios: https://epieos.com/ mpgn: https://twitter.com/mpgn_x64
Github: https://github.com/megadose/
Site OSINT FR: https://osintfr.com/
Discord OSINT FR: https://discord.gg/dWY9sWFKYD
Epios: https://epieos.com/ mpgn: https://twitter.com/mpgn_x64
Apr 10, 202344:09
0x1C - @Blaklis_ | Bug Bounty full time, un reward à 75k, la création du club Paris HackerOne
Blaklis_ : https://twitter.com/Blaklis_
Lien Club Paris Discord: https://discord.gg/MT6D8wP2Hd
Profil HackerOne: https://hackerone.com/blaklis?type=user
mpgn: https://twitter.com/mpgn_x64
Lien Club Paris Discord: https://discord.gg/MT6D8wP2Hd
Profil HackerOne: https://hackerone.com/blaklis?type=user
mpgn: https://twitter.com/mpgn_x64
Feb 27, 202352:50
0x1B - @M4yFly | Retour sur la création du lab GOAD et une RCE 9.8 sur GLPI CVE-2022-35914
M4Fly: https://twitter.com/M4yFly
GOAD: https://github.com/Orange-Cyberdefense/GOAD
RCE GLPI: https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/
Arsenal: https://github.com/Orange-Cyberdefense/arsenal
Mindmap AD: https://github.com/Orange-Cyberdefense/ocd-mindmaps
mpgn: https://twitter.com/mpgn_x64
GOAD: https://github.com/Orange-Cyberdefense/GOAD
RCE GLPI: https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/
Arsenal: https://github.com/Orange-Cyberdefense/arsenal
Mindmap AD: https://github.com/Orange-Cyberdefense/ocd-mindmaps
mpgn: https://twitter.com/mpgn_x64
Jan 31, 202357:48
0x1A - @g0h4n | Retour sur la création de RustHound, l'outil crossplateforme plus rapide que Sharphound !
g0h4n: https://twitter.com/g0h4n_0
RustHound: https://github.com/OPENCYBER-FR/RustHound
SharpHound: https://github.com/BloodHoundAD/SharpHound
Bloodhound: https://github.com/BloodHoundAD/BloodHound
python-bloodhound: https://github.com/fox-it/BloodHound.py
mpgn: https://twitter.com/mpgn_x64
RustHound: https://github.com/OPENCYBER-FR/RustHound
SharpHound: https://github.com/BloodHoundAD/SharpHound
Bloodhound: https://github.com/BloodHoundAD/BloodHound
python-bloodhound: https://github.com/fox-it/BloodHound.py
mpgn: https://twitter.com/mpgn_x64
Dec 23, 202250:01
0x19 - @rkvl | Retour sur la création de Sliver & le redteam aux US (gilet pare balles non obligatoire)
lesnuages / rkervell : https://twitter.com/rkervell
Moloch : https://twitter.com/LittleJoeTables
blogpost sliver : https://dominicbreuker.com/
Sliver: https://github.com/BishopFox/sliver mpgn: https://twitter.com/mpgn_x64
Sliver: https://github.com/BishopFox/sliver mpgn: https://twitter.com/mpgn_x64
Nov 29, 202257:04
0x18 - @Swissky | Retour sur la création de PayloadsAllTheThings & SSRFmap !
mpgn: https://twitter.com/mpgn_x64
@pentest_swissky : https://twitter.com/pentest_swissky
PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings
SSRFmap https://github.com/swisskyrepo/SSRFmap
@pentest_swissky : https://twitter.com/pentest_swissky
PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings
SSRFmap https://github.com/swisskyrepo/SSRFmap
Nov 02, 202248:13
0x17 - @_ZakSec | Retour sur la création de Masky et on parle purple team !
Sep 29, 202248:37
0x16 - @snyff | Retour sur la création et la philosophie de PentesterLab
mpgn: https://twitter.com/mpgn_x64
@snyff: https://twitter.com/snyff
PentesterLab : https://pentesterlab.com/
@snyff: https://twitter.com/snyff
PentesterLab : https://pentesterlab.com/
Aug 25, 202244:36
0x15 - @Th3_l5D | Retour sur la création et la philosophie de NewbieContest
mpgn: https://twitter.com/mpgn_x64
@Th3_l5D: https://twitter.com/Th3_l5D NewbieContent : https://www.newbiecontest.org/
@Th3_l5D: https://twitter.com/Th3_l5D NewbieContent : https://www.newbiecontest.org/
Jul 28, 202248:16
0x14 - @T00uF | Retour sur DonPAPI !
mpgn: https://twitter.com/mpgn_x64
@T00uF : https://twitter.com/T00uF
github: https://github.com/login-securite/DonPAPI : Dumping revelant information on compromised targets without AV detection
recherche @Fist0urs pour Synacktiv https://www.synacktiv.com/ressources/JSSI_2017_DPAPI_Synacktiv.pdf
@T00uF : https://twitter.com/T00uF
github: https://github.com/login-securite/DonPAPI : Dumping revelant information on compromised targets without AV detection
recherche @Fist0urs pour Synacktiv https://www.synacktiv.com/ressources/JSSI_2017_DPAPI_Synacktiv.pdf
Jun 30, 202245:29
Hors-serie : Debrief du Workshop CrackMapExec (difficulté facile) à leHack 2022
Solution du lab présenté lors du Workshop CrackMapExec à leHack 2022 par @mpgn_x64
Jun 27, 202217:08
0x13 - @swapgs | One vulnerability to rule them all, nomination aux pwnie awards, première participation à la pwn2own
Jun 03, 202257:19
0x12 - the-useless-one & @lowercase_drm | Retour sur la librairie Pywerview
mpgn: https://twitter.com/mpgn_x64
the-useless-one (Yannick): https://github.com/the-useless-one
pywerview: https://github.com/the-useless-one/pywerview @lowercase_drm (Simon) https://twitter.com/lowercase_drm Le blog de l'équipe : https://offsec.almond.consulting/
the-useless-one (Yannick): https://github.com/the-useless-one
pywerview: https://github.com/the-useless-one/pywerview @lowercase_drm (Simon) https://twitter.com/lowercase_drm Le blog de l'équipe : https://offsec.almond.consulting/
May 05, 202252:22
0x11 - 0xLupin | Un parcours atypique, gagner la coupe du monde de Bug Bounty organisée par @Hackerone
mpgn: https://twitter.com/mpgn_x64
0xLupin: https://twitter.com/0xLupin
Classement final: https://twitter.com/Hacker0x01/status/1496962484204408837
0xLupin: https://twitter.com/0xLupin
Classement final: https://twitter.com/Hacker0x01/status/1496962484204408837
Equipe:
arsene_lupin adibou kuromatae yanzax neolex sehno 0xbeefed bitk bask hisxo reeverzax victor_pct serizao bzhash gromak123 hach sakiir jtop_fap adolphoramirez 4bg0p TnMchMar 02, 202251:47
0x10 - Qazeer & th3m4ks | Retour sur l'outil EDRSandBlast, fonctionnement et contournement d'un EDR
Jan 31, 202253:24
0x0F - Laluka | RCE sur root-me.org, recherche de 0-day et dev d'outils custom
Dec 22, 202151:04
0x0E - Podalirius | Retour sur LDAPMonitor, pydsinternals et le rebuild d'un AS400
Liens:
mpgn: https://twitter.com/mpgn_x64podalirius: https://twitter.com/podalirius_/
Github: https://github.com/p0dalirius
Blog: https://podalirius.net/en/
Dec 06, 202149:06
0x0D - Amat Cama | Gagner la Pwn2Own avec @fluoroacetate, la sth4ck, "w3challs c'est mieux que root-me !"
Twitter:
mpgn: https://twitter.com/mpgn_x64Amat Cama: https://twitter.com/amatcama fluoroacetate: https://twitter.com/fluoroacetate https://sthack.fr/ https://www.root-me.org/ https://w3challs.com/challenges/list/pwn
Vainqueur de la Pwn2Own:
pwn2own Tokyo 2018 - Master of Pwn pwn2own Vancouver 2019 - Master of Pwn pwn2own Tokyo 2019 - Master of Pwn pwn2own 2020 COVID - Master of PwnOct 29, 202145:45
0x0C - Shutdown | Retour sur Exegol / thehacker.recipes (partie 2)
Twitter:
mpgn: https://twitter.com/mpgn_x64Shutdown: https://twitter.com/_nwodtuhs
Github project:
https://github.com/ShutdownRepo/pywhiskerhttps://github.com/ShutdownRepo/targetedKerberoast
https://github.com/ShutdownRepo/Exegol
https://www.thehacker.recipes/
https://github.com/koutto/pi-pwnbox-rogueap
Sep 20, 202140:21
0x0B - Shutdown | Retour sur les outils pywhisker / targetedKerberoast (partie 1)
Twitter:
mpgn: https://twitter.com/mpgn_x64Shutdown: https://twitter.com/_nwodtuhs
Github project:
https://github.com/ShutdownRepo/pywhiskerhttps://github.com/ShutdownRepo/targetedKerberoast
https://github.com/ShutdownRepo/Exegol
https://www.thehacker.recipes/
https://github.com/koutto/pi-pwnbox-rogueap
Sep 20, 202141:19
0x0A - cfreal_ | Retour sur PHPGGC, du code, encore du code
Twitter:
mpgn: https://twitter.com/mpgn_x64cfreal_: https://twitter.com/cfreal_
Github project:
PHPGGC: https://github.com/ambionics/phpggcAug 20, 202150:27
0x09 - topotam | Une belle histoire, du TII et PetitPotam
Twitter:
mpgn: https://twitter.com/mpgn_x64topotam : https://twitter.com/topotam77
Github project:
PetitPotam: https://github.com/topotam/PetitPotamJul 28, 202156:34
0x08 - gentilkiwi | Retour sur kekeo, du RDP, de la smartcard et le choix de l'open source (partie 2)
Twitter:
mpgn: https://twitter.com/mpgn_x64gentilkiwi: https://twitter.com/gentilkiwi
Github project:
Mimikatz: https://github.com/gentilkiwi/mimikatzKekeo: https://github.com/gentilkiwi/kekeo
Jun 23, 202101:03:41
0x07 - gentilkiwi | Retour sur Mimikatz, la BlueHat et les EDR ԅ(≖‿≖ԅ) (partie 1)
Twitter:
mpgn: https://twitter.com/mpgn_x64gentilkiwi: https://twitter.com/gentilkiwi
Github project:
Mimikatz: https://github.com/gentilkiwi/mimikatzKekeo: https://github.com/gentilkiwi/kekeo
Jun 23, 202146:46
0x06 - vletoux | Retour sur PingCastle, le choix de l'open source et Mimikatz (dcsync)
Twitter:
mpgn: https://twitter.com/mpgn_x64vletoux: https://twitter.com/mysmartlogon
Github project:
PingCastle: https://github.com/vletoux/pingcastleNULL DACL youtube.com/watch?v=KILnU4FhQbc
GidsApplet: https://github.com/vletoux/GidsApplet
May 12, 202148:35
0x05 - lgandx | Retour sur Responder, du sponsoring via Patreon et PCredz
Twitter:
mpgn: https://twitter.com/mpgn_x64lgandx: https://twitter.com/PythonResponder
Github projects:
Responder: https://github.com/lgandx/ResponderPCredz: https://github.com/lgandx/PCredz
Sponsoring via Patreon:
https://www.patreon.com/PythonResponderhttps://www.paypal.com/paypalme/PythonResponder
Blog:
https://g-laurent.blogspot.com/Article Microsoft DHCP INFORM Configuration Overwrite
Turning client side to server side ruxcon 2011
Tools évoqué dans le podcast par Laurent:
Network Monitor pour SMBv1Message Analyzer pour SMBv2
Implementing CIFS - The Common Internet FileSystem
Apr 12, 202101:07:51
0x04 - hisxo | Bug Bounty, motivex, moraline et un outil nommé gitGraber (partie 2)
Twitter:
mpgn: https://twitter.com/mpgn_x64hisxo : https://twitter.com/adrien_jeanneau
Github projects:
gitGraber: https://github.com/hisxo/gitGraberMar 26, 202146:04
0x03 - hisxo | Bug Bounty, motivex, moraline et un outil nommé gitGraber (partie 1)
Twitter:
mpgn: https://twitter.com/mpgn_x64hisxo : https://twitter.com/adrien_jeanneau
Github projects:
gitGraber: https://github.com/hisxo/gitGraberMar 26, 202152:10
0x02 - itm4n | Recherche de 0days Windows, trois outils, un blog (partie 2)
Twitter:
mpgn: https://twitter.com/mpgn_x64itm4n: https://twitter.com/itm4n
Blog:
https://itm4n.github.io/Github projects:
PrivescCheck: https://github.com/itm4n/PrivescCheckFullPowers: https://github.com/itm4n/FullPowers
PrintSpoofer: https://github.com/itm4n/PrintSpoofer
Feb 15, 202101:02:41
0x01 - itm4n | Recherche de 0days Windows, trois outils, un blog (partie 1)
Twitter:
mpgn: https://twitter.com/mpgn_x64itm4n: https://twitter.com/itm4n
Blog:
https://itm4n.github.io/Github projects:
PrivescCheck: https://github.com/itm4n/PrivescCheckFullPowers: https://github.com/itm4n/FullPowers
PrintSpoofer: https://github.com/itm4n/PrintSpoofer
Feb 15, 202152:47
0x00 - Pixis | Retour sur lsassy et hackndo.com
Twitter:
mpgn: https://twitter.com/mpgn_x64Pixis: https://twitter.com/HackAndDo
Github projects:
lsassy: https://github.com/Hackndo/lsassypyGPOAbuse: https://github.com/Hackndo/pyGPOAbuse
sprayhound: https://github.com/Hackndo/sprayhound
Crackmapexec: https://github.com/byt3bl33d3r/CrackMapExec
Impacket: https://github.com/SecureAuthCorp/impacket
Prodump module CME: https://gist.github.com/mpgn/414335dc8a91c39fabcbeb693641e57a
Jan 12, 202153:33