Talking about things before they become dangerous
Hi ! I’m 7h30th3r0n3, let’s talk about cybersecurity !
Articles
-
Writeup IA BreizhCTF 2026
BreizhCTF 2026 – Writeups techniques Cryptographie Allo Papa Tango Charlie – 465pts Catégorie : Crypto | Difficulté : Facile Analyse. Le service (allo_papa_tango_charlie.py) chiffre le flag via un XOR cumulé : à la position i, après strength itérations, le masque appliqué est KEY[i] ⊕ KEY[i-1] ⊕ … ⊕ KEY[i-(strength-1)] (indices mod n, avec n =…
-
Le deuxième acte : la chimère au BreizhCTF
Cet article est la suite directe de mon retex sur le stunt au 404CTF 2026 : Le contexte, le setup technique de la chimère et le débat de fond sont dans le premier. Ici je me concentre sur ce qui change quand on rejoue à un autre format, sur un autre événement, dans un autre cadre vis-à-vis…
-
Writeup IA 404CTF 2026
Technical breakdown of each solved challenge – sorted by category → Retrospective / discussion: 404CTF 2026 – Technical Write-ups Web Security Wall Of Patents – 489pts 🩸 Category: Web | Difficulty: Medium | First Blood Analysis. Web challenge solved early in the session. First blood confirmed by the organizers on Discord. Flag: not documented in…
-
L’éléphant dans la salle : le stunt IA au 404CTF
Le 16 mai au soir, j’ai pris la première place du 404CTF – le CTF francais co-organisé par la DGSE et Télécom SudParis – en 2h24. 21 challenges. 7000+ points. 3500 d’avance sur le deuxième. 6 first bloods. Deux heures plus tard, les gentils orgas ont envoyé une annonce @everyone rappelant que l’usage de l’IA…
-
Googled Codex, got mp3 malware instead.
A Sunday morning, a friend, and a mp3 malware file I was pouring my first coffee of the morning this Sunday when my phone buzzed. A friend had sent me a screenshot with a message that went something like: « I think I ran malware but Windows Defender blocked it… am I good? » if it happens…
-
The vulnerability that killed FreeWifi_Secure
TL;DR While experimenting with the Evil-M5Project near my own Freebox and smartphone, I stumbled across a vulnerability in FreeWifi_Secure. It turns out that the Free Mobile subscriber devices that leak their IMSI in cleartext during EAP-SIM authentication. This means that anyone within Wi-Fi range could passively capture the IMSI of Free Mobile users. No RCE,…
-
How I hacked hackers at LeHack 2025
TL;DR At LeHack 2025, I deployed a rig of 8x ESP32-C3 + 2 CardPuters running Evil-M5Project to perform Karma Wi-Fi attacks using real-world SSIDs taken on Wigle. This setup can handle 100 connections at same time. Victims saw an educational captive portal no exploitation, just awareness. I even karma’d a speaker live on stage. Hackers…
-
Demystify 🐉 Kali GPT
Introduction Kali GPT has been making waves lately. Claimed as a game-changer for red teamers and ethical hackers, it’s been hyped across forums, Discord servers, and LinkedIn. Some call it the future of offensive AI. Others aren’t so sure and claim it’s just already existed since the beginning of ChatGPT.So what is Kali GPT, exactly?…
-
Evil-M5Project – RTFM
https://github.com/7h30th3r0n3/Evil-M5Core2 Introduction Evil-M5Core2 is an innovative tool developed for ethical testing and exploration of WiFi networks. It harnesses the power of the M5Core2 device to scan, monitor, and interact with WiFi networks in a controlled environment. This project is designed for educational purposes, aiding in understanding network security and vulnerabilities. Disclaimer The creator of Evil-M5Core2…
-
Does your Machine have a Good or Bad Karma?
Introduction to the Karma Attack The Karma Attack represents a sophisticated yet alarmingly straightforward cyber exploitation technique. It banks on the commonplace and often overlooked behavior of wireless devices like smartphones, laptops, and tablets, which are programmed for convenience but inadvertently create a security loophole. The Basic Functionality of Wireless Devices To understand the mechanics…