Sebastian Lekies

@slekies

Tech Lead - Web Application Security Scanning

Zurich, Switzerland
Tilmeldt oktober 2011
3 billeder og videoer Billeder og videoer

Tweets

@slekies er blokeret

Er du sikker på, at du vil vise disse tweets? At vise tweets vil ikke fjerne blokering af @slekies.

  1. Fastgjort tweet
    5. jan.

    The full list of CSP bypasses with all known vectors that came up during the recent discussions:

    4 svar 131 retweets 152 likes
  2. 19. jan.

    Advice to untangle cyber PR: If someone says "we got attacked X times" without exactly saying what "attack" means it's cyber-bullshit.

    2 svar 7 retweets 14 likes
  3. 18. jan.

    We keep hearing rumors that there'll be an ★Allstars 2017★ during OWASP AppSec EU in Belfast. Maybe there is something to it… cc

    7 retweets 11 likes
  4. 17. jan.

    There are still free seats for my workshop about Inkscape in Zurich Please RT

    29 retweets 15 likes
  5. 12. jan.

    And another CSP bypass by :

    1 svar 8 retweets 14 likes
  6. 12. jan.

    How to write a research paper: a guide for software engineers & practitioners. /cc

    6 svar 112 retweets 247 likes
  7. 10. jan.

    Remove DOM nodes without JavaScript: <svg><animate id=a dur=1 /><circle r=100> <discard begin=a.end xlink:href= /><style id=x>*{fill:red}

    2 svar 60 retweets 146 likes
  8. 7. jan.

    Another dangling markup vector:

    3 svar 4 retweets 13 likes
  9. 7. jan.

    5 more CSP bypasses added to the list:

    5 retweets 18 likes
  10. 6. jan.

    any additional ideas?

  11. 6. jan.

    Framework-specific bypasses are also welcome!

    4 svar 1 like
  12. 6. jan.

    Added a few more CSP bypasses to the list. Happy to receive suggestions, ideas and PoCs. Just ping me.

    1 svar 7 retweets 12 likes
  13. 5. jan.

    CC

    1 svar 1 like
  14. 5. jan.

    CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc , , )

    2 svar 2 retweets 5 likes
  15. 28. dec. 2016

    Are you ready for life outside the sandbox

    12 retweets 16 likes
  16. 2. jan.

    Slightly surprised by how many ways there are to mutate HTML without JS! (by )

    5 retweets 31 likes
  17. 1. jan.

    hah, my CSP nonce bypass:

    3 svar 18 retweets 57 likes
  18. 31. dec. 2016

    Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!

    6 svar 77 retweets 107 likes
  19. Sebastian Lekies fulgte , , and 4 others
    • Juan David Parra
      @nopbyte

    • Intent To Ship
      @intenttoship

      I tweet when browser makers announce their intent to ship, change or remove features in their web engines! I was made by .

  20. 29. dec. 2016

    and chrome too, soon!

    1 svar 2 retweets 3 likes

@slekies har ikke tweetet endnu.

Indlæsning ser ud til at tage noget tid.

Twitter kan være overbelastet eller have en midlertidig forstyrrelse. Prøv igen, eller se flere oplysninger på Twitter Status.

    Du vil måske også kunne lide

    ·