Vincent Herbulot (Security Researcher, Synacktiv)
Vincent is a Security Researcher at Synacktiv, where he performs vulnerability research and penetration testing across diverse environments. With over a decade of experience, he has conducted a wide range of security assessments, placing a primary focus on web application security. Vincent is dedicated to sharing his expertise and has led multiple training sessions, helping security professionals enhance their skills in this critical area.
X: @us3r777
LinkedIn: https://www.linkedin.com/in/vincent-herbulot/
Session
URL fuzzing is a critical step in penetration testing, yet its effectiveness often hinges on the quality of wordlists. Publicly available lists frequently suffer from missing critical entries, poor sorting, lack of modularity, and irrelevant content, leading to inefficient scans and missed vulnerabilities.
This talk introduces a methodology for building better wordlists, along with a tool, Dicozorus, designed to support this process by providing a robust system for generating, managing, and curating high-quality fuzzing wordlists.
Dicozorus relies on a database that stores entries with rich metadata (severity, type, category, tags, references), enabling the creation of tailored wordlists based on context such as scope, network performance, or stealth requirements. Used internally for over five years, it has significantly improved wordlist quality and revealed numerous critical vulnerabilities absent from popular lists.
Dicozorus provides both a curated compilation of entries for immediate use and the ability for professionals to maintain custom, effective datasets.
The tool will be made publicly available on Synacktiv’s GitHub repository ahead of the conference.