Mathias Karlsson (@avlidienbrunn)'s Twitter Profile
Mathias Karlsson

@avlidienbrunn

Web security fiddler. Bug bounty bastard. Sometimes I cut shapes.

ID: 440767696

19-12-2011 11:46:03

1,1K Tweet

16,16K Followers

602 Following

Mathias Karlsson (@avlidienbrunn)

Did you know that JS supports shebang as a comment, and that multiline comments change behaviour depending on what they contain? Is there more? avlidienbrunn.se/jscomments.php

Gal Weizman (@weizmangal)

So the implementation for the challenge was not great (my bad!) but I did see some interesting answers, as well as the one I expected to see: "location.href = '//redirect.away'; while (1) {}" You must ask yourself - "An infinite loop? How would that work?" Great question 🧵:

Johan Carlsson (@joaxcar)

I have finally done my first proper bug write-up! This one is about a SOP bypass in Chrome (escalated to ATO) using the Navigation API. Hope someone finds it interesting. Feel free to leave me any comments; I want to improve on this! joaxcar.com/blog/2023/10/0…

huli (@aszx87410)

I haven't played CTF for a while cause I am busy with other stuff like new job and moving to a new place (I am in Tokyo now!). But I still see some interesting challenges on twitter from time to time and really want to take a note, so here is it blog.huli.tw/2023/12/03/en/…

Sam Curry (@samwcyo)

This tweet reminded me of a time when I was hacking on Apple's bug bounty program. I found, of all things, a base64 encoded Harry Potter quote on an internal iCloud account debug and administration page. This is the first time I'm sharing this, as more than 90 days have passed

Brett Buerhaus (@bbuerhaus)

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript buer.haus/2024/01/16/rev… Thanks to HackingHub for putting together a lab to learn more about it: app.hackinghub.io/surl

Gareth Heyes (@garethheyes)

I've built a brand new version of my fuzzing tool Shazzer🚀 shazzer.co.uk - Easy fuzz browser behaviour - Find bugs - Share the results with the world

jvoisin (@dustriorg)

Solution to WMCTF2020's Make PHP Great Again 2.0, or how to use filters with `require_once` — dustri.org/b/solution-to-…

Thomas Rinsma (@thomasrinsma)

Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF. codeanlabs.com/blog/research/…

RyotaK (@ryotkak)

I recently developed and posted about a technique called "First sequence sync", expanding James Kettle's single packet attack. This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack. flatt.tech/research/posts…

Kalmarunionen (@kalmarunionendm)

#𝗞𝗮𝗹𝗺𝗮𝗿𝗖𝗧𝗙 𝟮𝟬𝟮𝟱 𝗶𝘀 𝗷𝘂𝘀𝘁 𝗮𝗿𝗼𝘂𝗻𝗱 𝘁𝗵𝗲 𝗰𝗼𝗿𝗻𝗲𝗿 - 𝗰𝗼𝗺𝗲 𝗰𝗼𝗺𝗽𝗲𝘁𝗲 𝘄𝗶𝘁𝗵 𝘁𝗵𝗲 𝗯𝗲𝘀𝘁 𝗰𝗼𝗺𝗽𝗲𝘁𝗶𝘁𝗶𝘃𝗲 𝗵𝗮𝗰𝗸𝗲𝗿𝘀 𝗳𝗿𝗼𝗺 𝗮𝗿𝗼𝘂𝗻𝗱 𝘁𝗵𝗲 𝘄𝗼𝗿𝗹𝗱 𝗮𝗻𝗱 𝘄𝗶𝗻 𝗴𝗿𝗲𝗮𝘁 𝗽𝗿𝗶𝘇𝗲𝘀! (6x IDAPro from Hex-Rays SA) #CTF

slonser (@slonser_)

Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->

Kévin GERVOT (Mizu) (@kevin_mizu)

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
