Hack'n Speak
By mpgn
Bienvenue sur le podcast francophone Hack'n Speak ! Notre but est de partager la voix de nos 'hacker' à travers leurs outils / recherches.
Hack'n SpeakDec 23, 2022
00:00
50:01
0x26 mrxch | Retour sur le création de Ghunt, une anecdote croustillante !
- Twitter: https://twitter.com/mxrchreborn
- Twitter: https://twitter.com/mpgn_x64
- Ghunt : https://github.com/mxrch/GHunt
Feb 27, 202440:01
0x25 s4r | Du reverse, des anecdotes, la création de crackmes.one
- Twitter https://twitter.com/sar5430
- blog: https://sar5430.github.io/
- Twitter https://twitter.com/mpgn_x64
- Site de crackme: https://crackmes.one/
Jan 11, 202450:60
0x24 Arnaud Pilon | De la réponse à incident, retour d'expérience ...
Dec 04, 202357:26
0x23 @fr0gger_ | Du threat Intel, de la réponse sur incident, le projet unprotect.io, un livre
- Twitter fr0gger https://twitter.com/fr0gger_
- Twitter https://twitter.com/mpgn_x64
- Livre https://store.securitybreak.io/threatintel
- Unprotect.io https://unprotect.it/https://unprotect.it/
Oct 24, 202357:08
0x22 - Renaud Feil | De la passion, de l'entreprenariat, une société: Synacktiv
Sep 29, 202301:07:21
0x21 - @ringtail_sec | De l'hardware fait par un pentester pour les pentesters
- ringtail twitter: https://twitter.com/ringtail_sec
- ringtail site web: https://ringtail.ch/
- basilisk: https://ringtail.ch/products/basilisk-zero-automatic-ethernet-ghosting
- mpgn: https://twitter.com/mpgn_x64
Merci à la société BZHunt pour le prêt du matos https://bzhunt.fr/
Aug 29, 202301:01:37
0x20 - @BitK_ & @sakiirsecurity | Objectif top10 CtfTime, faire un bon ctf, les voyages, une anecdote croustillante
- Twitter: BitK: https://twitter.com/BitK_
- Twitter Sakiir: https://twitter.com/sakiirsecurity
- Team CTFtime: https://ctftime.org/team/87434
Jul 31, 202301:08:02
0x1F - @Zblurx | Retour sur dploot, certsync et le déchiffrement de Windows LAPS
- Twitter: https://twitter.com/_zblurx
- Github: https://github.com/zblurx
- mpgn: https://twitter.com/mpgn_x64
Jun 13, 202347:24
0x1E - @Agarri_FR | Un peu d'histoire, la formation Mastering Burp Suite Pro, le bug bounty (XXE, XSLT, SSRF)
- Twitter Agarri: https://twitter.com/Agarri_FR
- Formation Burp Suite: https://hackademy.agarri.fr/
- Twitter MasteringBurp : https://twitter.com/MasteringBurp
- Blog Agarri : https://www.agarri.fr/fr
May 15, 202301:10:49
0x1D - @palenath | De l'OSINT, un workshop à Interpol, de l'open source
- palenath : https://twitter.com/palenath
- Github: https://github.com/megadose/
- Site OSINT FR: https://osintfr.com/
- Discord OSINT FR: https://discord.gg/dWY9sWFKYD
- Epios: https://epieos.com/
Apr 10, 202344:09
0x1C - @Blaklis_ | Bug Bounty full time, un reward à 75k, la création du club Paris HackerOne
- Blaklis_ : https://twitter.com/Blaklis_
- Lien Club Paris Discord: https://discord.gg/MT6D8wP2Hd
- Profil HackerOne: https://hackerone.com/blaklis?type=user
- mpgn: https://twitter.com/mpgn_x64
Feb 27, 202352:50
0x1B - @M4yFly | Retour sur la création du lab GOAD et une RCE 9.8 sur GLPI CVE-2022-35914
- M4Fly: https://twitter.com/M4yFly
- GOAD: https://github.com/Orange-Cyberdefense/GOAD
- RCE GLPI: https://mayfly277.github.io/posts/GLPI-htmlawed-CVE-2022-35914/
- Arsenal: https://github.com/Orange-Cyberdefense/arsenal
- Mindmap AD: https://github.com/Orange-Cyberdefense/ocd-mindmaps
- mpgn: https://twitter.com/mpgn_x64
Jan 31, 202357:48
0x1A - @g0h4n | Retour sur la création de RustHound, l'outil crossplateforme plus rapide que Sharphound !
- g0h4n: https://twitter.com/g0h4n_0
- RustHound: https://github.com/OPENCYBER-FR/RustHound
- SharpHound: https://github.com/BloodHoundAD/SharpHound
- Bloodhound: https://github.com/BloodHoundAD/BloodHound
- python-bloodhound: https://github.com/fox-it/BloodHound.py
- mpgn: https://twitter.com/mpgn_x64
Dec 23, 202250:01
0x19 - @rkvl | Retour sur la création de Sliver & le redteam aux US (gilet pare balles non obligatoire)
- lesnuages / rkervell : https://twitter.com/rkervell
- Moloch : https://twitter.com/LittleJoeTables
- blogpost sliver : https://dominicbreuker.com/
- Sliver: https://github.com/BishopFox/sliver
- mpgn: https://twitter.com/mpgn_x64
Nov 29, 202257:04
0x18 - @Swissky | Retour sur la création de PayloadsAllTheThings & SSRFmap !
- mpgn: https://twitter.com/mpgn_x64
- @pentest_swissky : https://twitter.com/pentest_swissky
- PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings
- SSRFmap https://github.com/swisskyrepo/SSRFmap
Nov 02, 202248:13
0x17 - @_ZakSec | Retour sur la création de Masky et on parle purple team !
Sep 29, 202248:37
0x16 - @snyff | Retour sur la création et la philosophie de PentesterLab
- mpgn: https://twitter.com/mpgn_x64
- @snyff: https://twitter.com/snyff
- PentesterLab : https://pentesterlab.com/
Aug 25, 202244:36
0x15 - @Th3_l5D | Retour sur la création et la philosophie de NewbieContest
- mpgn: https://twitter.com/mpgn_x64
- @Th3_l5D: https://twitter.com/Th3_l5D
- NewbieContent : https://www.newbiecontest.org/
Jul 28, 202248:16
0x14 - @T00uF | Retour sur DonPAPI !
- mpgn: https://twitter.com/mpgn_x64
- @T00uF : https://twitter.com/T00uF
- github: https://github.com/login-securite/DonPAPI : Dumping revelant information on compromised targets without AV detection
- recherche @Fist0urs pour Synacktiv https://www.synacktiv.com/ressources/JSSI_2017_DPAPI_Synacktiv.pdf
Jun 30, 202245:29
Hors-serie : Debrief du Workshop CrackMapExec (difficulté facile) à leHack 2022
Solution du lab présenté lors du Workshop CrackMapExec à leHack 2022 par @mpgn_x64
Jun 27, 202217:08
0x13 - @swapgs | One vulnerability to rule them all, nomination aux pwnie awards, première participation à la pwn2own
- mpgn: https://twitter.com/mpgn_x64
- @swapgs: https://twitter.com/swapgs
- blog: https://swap.gs/
Jun 03, 202257:19
0x12 - the-useless-one & @lowercase_drm | Retour sur la librairie Pywerview
- mpgn: https://twitter.com/mpgn_x64
- the-useless-one (Yannick): https://github.com/the-useless-one
- pywerview: https://github.com/the-useless-one/pywerview
- @lowercase_drm (Simon) https://twitter.com/lowercase_drm
- Le blog de l'équipe : https://offsec.almond.consulting/
May 05, 202252:22
0x11 - 0xLupin | Un parcours atypique, gagner la coupe du monde de Bug Bounty organisée par @Hackerone
- mpgn: https://twitter.com/mpgn_x64
- 0xLupin: https://twitter.com/0xLupin
- Classement final: https://twitter.com/Hacker0x01/status/1496962484204408837
Equipe:
- arsene_lupin
- adibou
- kuromatae
- yanzax
- neolex
- sehno
- 0xbeefed
- bitk
- bask
- hisxo
- reeverzax
- victor_pct
- serizao
- bzhash
- gromak123
- hach
- sakiir
- jtop_fap
- adolphoramirez
- 4bg0p
- TnMch
Mar 02, 202251:47
0x10 - Qazeer & th3m4ks | Retour sur l'outil EDRSandBlast, fonctionnement et contournement d'un EDR
Jan 31, 202253:24
0x0F - Laluka | RCE sur root-me.org, recherche de 0-day et dev d'outils custom
Dec 22, 202151:04
0x0E - Podalirius | Retour sur LDAPMonitor, pydsinternals et le rebuild d'un AS400
Liens:
- mpgn: https://twitter.com/mpgn_x64
- podalirius: https://twitter.com/podalirius_/
- Github: https://github.com/p0dalirius
- Blog: https://podalirius.net/en/
Dec 06, 202149:06
0x0D - Amat Cama | Gagner la Pwn2Own avec @fluoroacetate, la sth4ck, "w3challs c'est mieux que root-me !"
Twitter:
- mpgn: https://twitter.com/mpgn_x64
- Amat Cama: https://twitter.com/amatcama
- fluoroacetate: https://twitter.com/fluoroacetate
- https://sthack.fr/
- https://www.root-me.org/
- https://w3challs.com/challenges/list/pwn
Vainqueur de la Pwn2Own:
- pwn2own Tokyo 2018 - Master of Pwn
- pwn2own Vancouver 2019 - Master of Pwn
- pwn2own Tokyo 2019 - Master of Pwn
- pwn2own 2020 COVID - Master of Pwn
Oct 29, 202145:45
0x0C - Shutdown | Retour sur Exegol / thehacker.recipes (partie 2)
Sep 20, 202140:21
0x0B - Shutdown | Retour sur les outils pywhisker / targetedKerberoast (partie 1)
Sep 20, 202141:19
0x0A - cfreal_ | Retour sur PHPGGC, du code, encore du code
Aug 20, 202150:27
0x09 - topotam | Une belle histoire, du TII et PetitPotam
Twitter:
- mpgn: https://twitter.com/mpgn_x64
- topotam : https://twitter.com/topotam77
Github project:
- PetitPotam: https://github.com/topotam/PetitPotam
Jul 28, 202156:34
0x08 - gentilkiwi | Retour sur kekeo, du RDP, de la smartcard et le choix de l'open source (partie 2)
Twitter:
- mpgn: https://twitter.com/mpgn_x64
- gentilkiwi: https://twitter.com/gentilkiwi
Github project:
Jun 23, 202101:03:41
0x07 - gentilkiwi | Retour sur Mimikatz, la BlueHat et les EDR ԅ(≖‿≖ԅ) (partie 1)
Twitter:
- mpgn: https://twitter.com/mpgn_x64
- gentilkiwi: https://twitter.com/gentilkiwi
Github project:
Jun 23, 202146:46
0x06 - vletoux | Retour sur PingCastle, le choix de l'open source et Mimikatz (dcsync)
Twitter:
- mpgn: https://twitter.com/mpgn_x64
- vletoux: https://twitter.com/mysmartlogon
Github project:
- PingCastle: https://github.com/vletoux/pingcastle
- NULL DACL youtube.com/watch?v=KILnU4FhQbc
- GidsApplet: https://github.com/vletoux/GidsApplet
May 12, 202148:35
0x05 - lgandx | Retour sur Responder, du sponsoring via Patreon et PCredz
Twitter:
Github projects:
- Responder: https://github.com/lgandx/Responder
- PCredz: https://github.com/lgandx/PCredz
Sponsoring via Patreon:
Blog:
- https://g-laurent.blogspot.com/
- Article Microsoft DHCP INFORM Configuration Overwrite
- Turning client side to server side ruxcon 2011
Tools évoqué dans le podcast par Laurent:
- Network Monitor pour SMBv1
- Message Analyzer pour SMBv2
- Implementing CIFS - The Common Internet FileSystem
Apr 12, 202101:07:51
0x04 - hisxo | Bug Bounty, motivex, moraline et un outil nommé gitGraber (partie 2)
Mar 26, 202146:04
0x03 - hisxo | Bug Bounty, motivex, moraline et un outil nommé gitGraber (partie 1)
Mar 26, 202152:10
0x02 - itm4n | Recherche de 0days Windows, trois outils, un blog (partie 2)
Twitter:
- mpgn: https://twitter.com/mpgn_x64
- itm4n: https://twitter.com/itm4n
Blog:
Github projects:
- PrivescCheck: https://github.com/itm4n/PrivescCheck
- FullPowers: https://github.com/itm4n/FullPowers
- PrintSpoofer: https://github.com/itm4n/PrintSpoofer
-
Feb 15, 202101:02:41
0x01 - itm4n | Recherche de 0days Windows, trois outils, un blog (partie 1)
Twitter:
- mpgn: https://twitter.com/mpgn_x64
- itm4n: https://twitter.com/itm4n
Blog:
Github projects:
- PrivescCheck: https://github.com/itm4n/PrivescCheck
- FullPowers: https://github.com/itm4n/FullPowers
- PrintSpoofer: https://github.com/itm4n/PrintSpoofer
-
Feb 15, 202152:47
0x00 - Pixis | Retour sur lsassy et hackndo.com
Twitter:
Github projects:
- lsassy: https://github.com/Hackndo/lsassy
- pyGPOAbuse: https://github.com/Hackndo/pyGPOAbuse
- sprayhound: https://github.com/Hackndo/sprayhound
- Crackmapexec: https://github.com/byt3bl33d3r/CrackMapExec
- Impacket: https://github.com/SecureAuthCorp/impacket
- Prodump module CME: https://gist.github.com/mpgn/414335dc8a91c39fabcbeb693641e57a
Jan 12, 202153:33