Borna Nematzadeh (@logicalhunter)'s Twitter Profile
Borna Nematzadeh

@logicalhunter

Security Researcher

ID: 1325166007384743936

https://logicalhunter.me

Joined 07-11-2020 20:01:01

236 Tweets

3.3K Followers

208 Following

Anirudh Anand (@a0xnirudh)

#TypeScript Remote Procedure Call (tRPC) Security Research: Hunting for Vulnerabilities in Modern APIs, a nice read from Borna Nematzadeh:

medium.com/@LogicalHunter…

Vulnerable tRPC playground: github.com/bnematzadeh/tr…

Orange Tsai 🍊 (@orange_8361)

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus…

Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code

Borna Nematzadeh (@logicalhunter)

I have updated the list of custom filters for Logger++. The new additions include:
. New API Style (gRPC-Web)
. Improved previous filters
. Exposed API keys custom filters
. New filters for API vulnerabilities
github.com/bnematzadeh/Lo…

dmnk.bsky.social (@domenuk)

Project Zero blog: LLMs find 0days now! 👀

And: our fuzzer setup did *not* reproduce it! googleprojectzero.blogspot.com/2024/10/from-n…

Matan Berson (@mtnber)

Here's a code snippet that as far as I can tell pretty much solves prototype pollution. It's based on github.com/tc39/proposal-…, and after running it you can access an object's prototype with object[Symbol.instanceProto], and object["__proto__"] will be undefined.

m4ll0k (@m4ll0k)

I created a small tool to automatically set breakpoints in Chrome using the CDP (Chrome DevTools Protocol). It's still in beta, but I'm actively working on a complete version. github.com/m4ll0k/autobre…

NDevTK (@ndevtk)

Released a new extension :)
- console.info for postMessages from all_frames.
- detects the scope of sent messages.
- origins that are insecure will be prefixed with UNSAFE.
- detects if a website does not check .origin
- MessageChannel API
chrome.google.com/webstore/detai…

cdzeno (@cdzeno)

Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: nozominetworks.com/blog/hunting-t…

Sonar Research (@sonar_research)

🧵 [1/4] Here is our DOMPurify 3.2.1 bypass, using a namespace confusion technique where each element is initially in a “correct” namespace.

When it was allowed, the ‘is’ attribute was not handled correctly, making the attribute content’s regex check obsolete.

#mXSS #XSS

Borna Nematzadeh (@logicalhunter)

It's an honor that my research, Exploiting Number Parsers in JS, has been nominated for the Top Ten Web Hacking Techniques of 2024. I discussed how discrepancies in JS number parsers could be used to carry out DoS attacks. If you find it interesting, please vote for it!

2OURC3 (@2ourc3)

Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption. Full details + PoC: bushido-sec.com/index.php/2025…

Google VRP (Google Bug Hunters) (@googlevrp)

❌ Eliminating almost all exploitable web vulnerabilities? This blog post covers how the Google security team implemented a high-assurance web framework to achieve this goal for its services, and what this framework's most important characteristics are. bughunters.google.com/blog/664431627…

Benasin (@benasin3)

🚨HTTP Request Smuggling in lua-nginx-module!🚨 This affects major proxies like Kong GW, OpenResty, Apache APISIX and many more👀 Check it out: benasin.space/2025/03/18/Ope… Big thanks to James Kettle for his awesome research and for answering all my questions! #bugbounty #bugbountytips

Leandro Barragan (@lean0x2f)

"AI Agents for Offsec with Zero False Positives" by Brendan Dolan-Gavitt, a journey on how we managed to get 0 FPs with XBOW. You can find the slides for his BH talk here: cdn.prod.website-files.com/686c11d5bee015…

Jakub Domeracki (@j_domeracki)

Google VRP (Google Bug Hunters) disclosed my most impactful client-side report to date: bughunters.google.com/reports/vrp/wG… TL;DR An attacker could've gained access to Gemini Code Assist Tools (GitLab, GitHub etc.) configured by the victim