Sebastian Lekies

@slekies

Tech Lead - Web Application Security Scanning

Zurich, Switzerland
Geregistreerd in oktober 2011
3 foto's en video's Foto's en video's

Tweets

@slekies is geblokkeerd

Weet je zeker dat je deze Tweets wilt bekijken? @slekies wordt niet gedeblokkeerd door Tweets te bekijken.

  1. Vastgemaakte Tweet
    5 jan.

    The full list of CSP bypasses with all known vectors that came up during the recent discussions:

    4 antwoorden 131 retweets 152 vind-ik-leuks
  2. 19 jan.

    Advice to untangle cyber PR: If someone says "we got attacked X times" without exactly saying what "attack" means it's cyber-bullshit.

    2 antwoorden 7 retweets 14 vind-ik-leuks
  3. 18 jan.

    We keep hearing rumors that there'll be an ★Allstars 2017★ during OWASP AppSec EU in Belfast. Maybe there is something to it… cc

    7 retweets 11 vind-ik-leuks
  4. 17 jan.

    There are still free seats for my workshop about Inkscape in Zurich Please RT

    29 retweets 15 vind-ik-leuks
  5. 12 jan.

    And another CSP bypass by :

    1 antwoord 8 retweets 14 vind-ik-leuks
  6. 12 jan.

    How to write a research paper: a guide for software engineers & practitioners. /cc

    6 antwoorden 112 retweets 247 vind-ik-leuks
  7. 10 jan.

    Remove DOM nodes without JavaScript: <svg><animate id=a dur=1 /><circle r=100> <discard begin=a.end xlink:href= /><style id=x>*{fill:red}

    2 antwoorden 60 retweets 146 vind-ik-leuks
  8. 7 jan.

    Another dangling markup vector:

    3 antwoorden 4 retweets 13 vind-ik-leuks
  9. 7 jan.

    5 more CSP bypasses added to the list:

    5 retweets 18 vind-ik-leuks
  10. 6 jan.

    any additional ideas?

  11. 6 jan.

    Framework-specific bypasses are also welcome!

    4 antwoorden 1 vind-ik-leuk
  12. 6 jan.

    Added a few more CSP bypasses to the list. Happy to receive suggestions, ideas and PoCs. Just ping me.

    1 antwoord 7 retweets 12 vind-ik-leuks
  13. 5 jan.

    CC

    1 antwoord 1 vind-ik-leuk
  14. 5 jan.

    CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc , , )

    2 antwoorden 2 retweets 5 vind-ik-leuks
  15. 28 dec. 2016

    Are you ready for life outside the sandbox

    12 retweets 16 vind-ik-leuks
  16. 2 jan.

    Slightly surprised by how many ways there are to mutate HTML without JS! (by )

    5 retweets 31 vind-ik-leuks
  17. 1 jan.

    hah, my CSP nonce bypass:

    3 antwoorden 18 retweets 57 vind-ik-leuks
  18. 31 dec. 2016

    Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!

    6 antwoorden 77 retweets 107 vind-ik-leuks
  19. Sebastian Lekies volgt nu , , and 4 others
    • Juan David Parra
      @nopbyte

    • Intent To Ship
      @intenttoship

      I tweet when browser makers announce their intent to ship, change or remove features in their web engines! I was made by .

  20. 29 dec. 2016

    and chrome too, soon!

    1 antwoord 2 retweets 3 vind-ik-leuks

@slekies heeft nog niet getweet.

Het laden lijkt wat langer te duren.

Twitter is mogelijk overbelast of ondervindt een tijdelijke onderbreking. Probeer het opnieuw of bekijk de Twitter-status voor meer informatie.

    Je bent misschien ook geïnteresseerd in

    ·