mokusou (@mokusou4) 's Twitter Profile
mokusou

@mokusou4

✝️ | 🇯🇵 | bug bounty hunter | 🗣 日本語, English, Français | So Sakaguchi

ID: 1350687756515569665

https://hackerone.com/mokusou | Joined 17-01-2021 06:13:57

147 Tweets

634 Followers

169 Following

Masato Kinugawa (@kinugawamasato)

I've published my slides from #Security_Tokyo. I talked about client-side path traversal, which has been showing up a lot lately, and about vulnerabilities via postMessage, which never stop showing up. Thank you to everyone who listened! speakerdeck.com/masatokinugawa…

Sonar Research (@sonar_research)

🔥Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) 🔥 PHP bug could be used to bypass sanitization - We just disclosed the technical details behind the recent Joomla vulnerability: sonarsource.com/blog/joomla-mu…

Ngo Wei Lin (@creastery)

Check out my write-up on a seemingly harmless and limited send() in GitHub (CVE-2024-0200) and how it could be used to obtain environment variables from a production container and to achieve remote code execution in GitHub Enterprise Server: starlabs.sg/blog/2024/04-s…

Rebane (@rebane2001)

just finished a new blogpost on how i exploited the V8 javascript engine at a CTF! it's a beginner friendly journey from a memory corruption to a browser pwn, and features lots of cool CSS to help you understand various concepts along the way. have fun!! lyra.horse/blog/2024/05/e…

Harel (@h4r3l)

New blog! This time a high severity session takeover in Zoom worth $15,000. Read the story of how sudi, BrunoZero and I chained 2 completely useless XSS vulns to steal OAuth tokens, hijack browser permissions, and more: nokline.github.io/bugbounty/2024…

zhero; (@zhero___)

happy to release my new article entitled: Next.js and cache poisoning: a quest for the black hole zhero-web-sec.github.io/research-and-t… good reading;

spaceraccoon | Eugene Lim (@spaceraccoonsec)

I love crossover bugs that go between web/mobile/native because there's so much strange interactions that occur and a lot can go wrong - this research was another result of this! spaceraccoon.dev/universal-code…

mokusou (@mokusou4)

Public program or not, there seem to be people who can land insanely critical bug bounty vulnerabilities endlessly (I spotted three of them today alone). It made me happy to realize that you can find them if you put in the work, so I'll keep at it.

Adnan Khan (@adnanthekhan)

Omar Zaki aka brainded is now banned from Immunefi. Their response to a valid report was to first ignore it for months, then claim that I got access by hacking GitHub, Hetzner, or one of their employees. Then after a more overt PoC per their request they went back to ignoring it.

Masato Kinugawa (@kinugawamasato)

Due to this change: groups.google.com/a/chromium.org… now Chrome 130 also parses non-special scheme URLs including javascript: URLs "correctly", like the attached image.

Rebane (@rebane2001)

new blogpost time!! this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c: have fun! lyra.horse/blog/2024/09/u…

El Mehdi (@elmehdimee)

I published a blog post about two XSS vulnerabilities I found in Excalidraw that were affecting Meta. elmehdi.me/2024/10/25/xss…

Kévin GERVOT (Mizu) (@kevin_mizu)

I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3

rez0 (@rez0__)

I'm a hacker and AI researcher who has reported vulnerabilities to OpenAI, Google, and others. I wrote this guide as a reference of all of the ways that you can hack AI. It has saved me hours. Bookmark this if you need a reference for what all to try (AND includes mitigations).
