Sebastian Lekies

@slekies

Tech Lead - Web Application Security Scanning

Zurich, Switzerland
Participa desde outubro de 2011
3 Fotos e vídeos Fotos e vídeos

Tweets

@slekies está bloqueado

Tem certeza de que deseja ver estes Tweets? Visualizar os Tweets não desbloqueará @slekies.

  1. Tweet Fixado
    5 de jan

    The full list of CSP bypasses with all known vectors that came up during the recent discussions:

    4 respostas 131 retweets 152 curtiram
  2. 19 de jan

    Advice to untangle cyber PR: If someone says "we got attacked X times" without exactly saying what "attack" means it's cyber-bullshit.

    2 respostas 7 retweets 14 curtiram
  3. 18 de jan

    We keep hearing rumors that there'll be an ★Allstars 2017★ during OWASP AppSec EU in Belfast. Maybe there is something to it… cc

    7 retweets 11 curtiram
  4. 17 de jan

    There are still free seats for my workshop about Inkscape in Zurich Please RT

    29 retweets 15 curtiram
  5. 12 de jan

    And another CSP bypass by :

    1 resposta 8 retweets 14 curtiram
  6. 12 de jan

    How to write a research paper: a guide for software engineers & practitioners. /cc

    6 respostas 112 retweets 247 curtiram
  7. 10 de jan

    Remove DOM nodes without JavaScript: <svg><animate id=a dur=1 /><circle r=100> <discard begin=a.end xlink:href= /><style id=x>*{fill:red}

    2 respostas 60 retweets 146 curtiram
  8. 7 de jan

    Another dangling markup vector:

    3 respostas 4 retweets 13 curtiram
  9. 7 de jan

    5 more CSP bypasses added to the list:

    5 retweets 18 curtiram
  10. 6 de jan

    any additional ideas?

  11. 6 de jan

    Framework-specific bypasses are also welcome!

    4 respostas 1 curtiu
  12. 6 de jan

    Added a few more CSP bypasses to the list. Happy to receive suggestions, ideas and PoCs. Just ping me.

    1 resposta 7 retweets 12 curtiram
  13. 5 de jan

    CC

    1 resposta 1 curtiu
  14. 5 de jan

    CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc , , )

    2 respostas 2 retweets 5 curtiram
  15. 28 de dez de 2016

    Are you ready for life outside the sandbox

    12 retweets 16 curtiram
  16. 2 de jan

    Slightly surprised by how many ways there are to mutate HTML without JS! (by )

    5 retweets 31 curtiram
  17. 1 de jan

    hah, my CSP nonce bypass:

    3 respostas 18 retweets 57 curtiram
  18. 31 de dez de 2016

    Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!

    6 respostas 77 retweets 107 curtiram
  19. Sebastian Lekies seguiu , , and 4 others
    • Juan David Parra
      @nopbyte

    • Intent To Ship
      @intenttoship

      I tweet when browser makers announce their intent to ship, change or remove features in their web engines! I was made by .

  20. 29 de dez de 2016

    and chrome too, soon!

    1 resposta 2 retweets 3 curtiram

@slekies ainda não tweetou.

O carregamento parece estar demorando.

O Twitter deve estar sobrecarregado ou passando por algum problema momentâneo. Tente novamente ou acesse o Status do Twitterpara obter mais informações.

    Você também pode gostar

    ·