Offensive IT security
Joined February 2013
- Tweets 227
- Following 149
- Followers 2,062
- Likes 119
23 Photos and videos
Pinned Tweet
27 Oct 2025
🔔 New research from Lexfo on pre- & post-authentication vulnerabilities in WSO2 products — uncovering bypasses, RCE, SSRF, CSRF, and account-takeover risks. See our detail article → blog.lexfo.fr/wso2.html
#cybersecurity #infosec #offensivesecurity #pentest #WSO2
15
62
6,418
Lexfo retweeted
May 28
🔓 On an asset under our continuous monitoring, our pentester @nol_tech turned a SELECT-only PostgreSQL SQLi in Drupal (CVE-2026-9082) into a full RCE when DB role is superuser. Details below 👇
📝 blog.lexfo.fr/drupal-postgre…
🛠️ github.com/ambionics/cve-202…
#Drupal #PostgreSQL #RCE #SQLi
2
20
66
8,554
Apr 16
Congratulations to our pentester @nol_tech on placing 2nd in the Web Senior category at the #FCSC2026 qualifications, with a score of 3,616 points.
This kind of result speaks for itself. Best of luck for the next rounds! 🍀
#CTF #Cybersecurity
4
11
648
Lexfo retweeted
Apr 10
🚨 Critical File Upload to RCE in @NinjaForms File Uploads @WordPress plugin (CVE-2026-0740)!
Deep dive & PoC:
👉blog.lexfo.fr/ninja-forms-up…
🔍By @whattheslime from @Ambionics CTEM solution
🛡️Patch available (v3.3.27) — Update now!
#WordPress #RCE #InfoSec #CyberSecurity #CVE
2
26
66
6,444
3 Nov 2025
🚨 New post on blog.lexfo.fr: how to sniff BLE communications with an SDR (e.g. HackRF One) — the challenges of frequency hopping and strengths of the SDR approach for security researchers. Read it ➜ blog.lexfo.fr/sniffing-ble-s…
#BLE #SDR #Security
7
14
1,023
Lexfo retweeted
16 Jul 2025
👾🔒New Analysis: Secp0 Ransomware! 🚨
Our CTI team with our CSIRT, has analyzed the Secp0 ransomware. It operates as double-extortion ransomware, encrypting data and threatening public disclosure, targeting Linux systems.
All the details in our report : blog.lexfo.fr/analysis-of-se…
1
7
8
1,822
16 Jul 2025
👾🔒New Analysis: Secp0 Ransomware! 🚨
Our CTI team with our CSIRT, has analyzed the Secp0 ransomware. It operates as double-extortion ransomware, encrypting data and threatening public disclosure, targeting Linux systems.
All the details in our report : blog.lexfo.fr/analysis-of-se…
1
7
8
1,822
28 Jul 2025
Update: Our CSIRT has refined the YARA rule featured in the article to enhance its precision for threat hunting
1
1
288
Lexfo retweeted
8 Jul 2025
🚀 Huge thanks to @cfreal_ for the threading PR.
Lightyear is now faster than ever! We truly appreciate continued contributions.
If you haven’t yet, give lightyear a try and see the difference yourself!
#opensource #lightyear #performance #php #pentest #infosec #cybersecurity
23 Jun 2025
lightyear just got 6 times faster!
Although I now work at @Synacktiv, I proposed a PR for the tool to support threading and compression, greatly reducing the time required to dump a file.
Dumping the demo /etc/passwd now takes 48s instead of 5m30.
github.com/ambionics/lightye…
2
10
1,181
22 May 2025
🌍 World Leaks: an extortion platform 🚨
Our CTI team produced an analysis of World Leaks. The article covers its origins, operational challenges, and collaborations with other threat actors.
blog.lexfo.fr/world-leaks-an…
#ThreatIntelligence #WorldLeaks #CTI
2
5
731
18 Mar 2025
Ambionics Security, our continuous pentest service, has just published details concerning a pre-authentication RCE on GLPI (CVE-2025-2479 and CVE-2025-24801) found by our experts.
Patch immediately to protect your environment. If you have any questions, contact us today.
18 Mar 2025
GLPI, an open-source IT service management software suite, has released version 10.0.18, addressing two critical vulnerabilities found by our experts : an SQL injection (CVE-2025-24799) and a remote code execution (CVE-2025-24801). Checkout our blog post: blog.lexfo.fr/glpi-sql-to-rc….
1
5
530
12 Mar 2025
Check out this new interesting php research by PT Swarm ! Using some of @ambionics, our Continuous Pentesting Service, tools !
12 Mar 2025
New #PHP research by @ptswarm ! Using our tools wrapwrap (github.com/ambionics/wrapwra…) and our latest one lightyear (github.com/ambionics/lightye…) developed by @cfreal_ ! #php #xxe #infosec #CyberSecurity
2
368
4 Mar 2025
Dans le cadre de nos enquêtes sur la fraude, l'équipe CTI de Lexfo a découvert un réseau de boutiques en ligne vendant de faux documents, directement accessibles sur le web.
1
3
413
4 Mar 2025
Grâce à des techniques d'OSINT, nous avons identifié des similitudes frappantes entre ces sites, révélant des liens avec des acteurs communs. Découvrez comment nous avons démêlé ce réseau et les résultats surprenants de notre investigation !blog.lexfo.fr/the-business-o…
1
3
298
29 Jan 2025
Lundi nous évoquions le classement des techniques de hacking 2024 réalisé par @PortSwigger .
Deuxième technique mise en avant dans le classement et issue de la R&D de nos équipes : IconV
1
276
29 Jan 2025
Cette technique qui s'appuie sur une vulnérabilité dans GLIBC pour exécuter du code dans une application PHP.
Pour en savoir plus rendez vous sur notre blog : ambionics.io/blog/iconv-cve-…
1
192
27 Jan 2025
Chaque année @PortSwigger réalise le top 10 des nouvelles techniques de hacking.
lnkd.in/e3jxmQZ9
Cette année 2 techniques développé par les équipes Lexfo apparaissent dans la liste des nominées
1
1
215
27 Jan 2025
On commence avec Lightyear : Les équipes Ambionics Security ont créé LIGHTYEAR, qui vous permet d'exploiter les failles de type lecture de fichier à l'aveugle en PHP, bien plus efficacement qu'à l'accoutumée.
1
1
153
27 Jan 2025
Tous les détails dans l'article sur notre blog : lnkd.in/eqRKQws
Et retrouvez l'outil sur notre GitHub: lnkd.in/emc4XnEQ
1
153
2 Jan 2025
2025 : Notre industrie évolue, nos ambitions grandissent ! 🎯
L'équipe LEXFO continue d'innover pour votre sécurité 🛡️ #Cybersécurité #BonneAnnée2025
2
273