Sebastian Lekies

@slekies

Tech Lead - Web Application Security Scanning

Zurich, Switzerland
2011(e)ko urriak(e)tik Twitterren
3 Argazki edo bideo Argazkiak eta bideoak

Txioak

@slekies blokeatuta dago

Ziur zaude Txio hauek ikusi nahi dituzula? Txioak ikusteak ez du @slekies desblokeatuko.

  1. Finkatutako Txioa
    urt. 5

    The full list of CSP bypasses with all known vectors that came up during the recent discussions:

    4 erantzun 131 bertxio 152 atsegin
  2. urt. 19

    Advice to untangle cyber PR: If someone says "we got attacked X times" without exactly saying what "attack" means it's cyber-bullshit.

    2 erantzun 7 bertxio 14 atsegin
  3. urt. 18

    We keep hearing rumors that there'll be an ★Allstars 2017★ during OWASP AppSec EU in Belfast. Maybe there is something to it… cc

    7 bertxio 11 atsegin
  4. urt. 17

    There are still free seats for my workshop about Inkscape in Zurich Please RT

    29 bertxio 15 atsegin
  5. urt. 12

    And another CSP bypass by :

    Erantzun 1 8 bertxio 14 atsegin
  6. urt. 12

    How to write a research paper: a guide for software engineers & practitioners. /cc

    6 erantzun 112 bertxio 247 atsegin
  7. urt. 10

    Remove DOM nodes without JavaScript: <svg><animate id=a dur=1 /><circle r=100> <discard begin=a.end xlink:href= /><style id=x>*{fill:red}

    2 erantzun 60 bertxio 146 atsegin
  8. urt. 7

    Another dangling markup vector:

    3 erantzun 4 bertxio 13 atsegin
  9. urt. 7

    5 more CSP bypasses added to the list:

    5 bertxio 18 atsegin
  10. urt. 6

    any additional ideas?

  11. urt. 6

    Framework-specific bypasses are also welcome!

    4 erantzun Atsegin 1
  12. urt. 6

    Added a few more CSP bypasses to the list. Happy to receive suggestions, ideas and PoCs. Just ping me.

    Erantzun 1 7 bertxio 12 atsegin
  13. urt. 5

    CC

    Erantzun 1 Atsegin 1
  14. urt. 5

    CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc , , )

    2 erantzun 2 bertxio 5 atsegin
  15. 2016 abe. 28

    Are you ready for life outside the sandbox

    12 bertxio 16 atsegin
  16. urt. 2

    Slightly surprised by how many ways there are to mutate HTML without JS! (by )

    5 bertxio 31 atsegin
  17. urt. 1

    hah, my CSP nonce bypass:

    3 erantzun 18 bertxio 57 atsegin
  18. 2016 abe. 31

    Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!

    6 erantzun 77 bertxio 107 atsegin
  19. Sebastian Lekies(e)k jarraitu du: , , and 4 others
    • Juan David Parra
      @nopbyte

    • Intent To Ship
      @intenttoship

      I tweet when browser makers announce their intent to ship, change or remove features in their web engines! I was made by .

  20. 2016 abe. 29

    and chrome too, soon!

    Erantzun 1 2 bertxio 3 atsegin

@slekies(e)k ez du oraindik Txiokatu

Badirudi kargak luze hartuko duela.

Baliteke Twitterren kapazitatez gaindi egotea edo momentuko gainkarga bat izatea. Berriro saiatu edo Twitterren Egoera ikusi informazio gehiagorako.

    Agian hau ere gustuko duzu

    ·