Sebastian Lekies

@slekies

Tech Lead - Web Application Security Scanning

Zurich, Switzerland
Uniuse en outubro 2011
3 Fotos ou vídeos Fotos e vídeos

Chíos

Bloqueaches a @slekies

Estás seguro de querer ver estes chíos? Velos non desbloqueará a @slekies.

  1. Chío pegado
    5 xan

    The full list of CSP bypasses with all known vectors that came up during the recent discussions:

    4 respostas 131 rechouchíos 152 gústames
  2. 19 xan

    Advice to untangle cyber PR: If someone says "we got attacked X times" without exactly saying what "attack" means it's cyber-bullshit.

    2 respostas 7 rechouchíos 14 gústames
  3. 18 xan

    We keep hearing rumors that there'll be an ★Allstars 2017★ during OWASP AppSec EU in Belfast. Maybe there is something to it… cc

    7 rechouchíos 11 gústames
  4. 17 xan

    There are still free seats for my workshop about Inkscape in Zurich Please RT

    29 rechouchíos 15 gústames
  5. 12 xan

    And another CSP bypass by :

    1 resposta 8 rechouchíos 14 gústames
  6. 12 xan

    How to write a research paper: a guide for software engineers & practitioners. /cc

    6 respostas 112 rechouchíos 247 gústames
  7. 10 xan

    Remove DOM nodes without JavaScript: <svg><animate id=a dur=1 /><circle r=100> <discard begin=a.end xlink:href= /><style id=x>*{fill:red}

    2 respostas 60 rechouchíos 146 gústames
  8. 7 xan

    Another dangling markup vector:

    3 respostas 4 rechouchíos 13 gústames
  9. 7 xan

    5 more CSP bypasses added to the list:

    5 rechouchíos 18 gústames
  10. 6 xan

    any additional ideas?

  11. 6 xan

    Framework-specific bypasses are also welcome!

    4 respostas 1 gústame
  12. 6 xan

    Added a few more CSP bypasses to the list. Happy to receive suggestions, ideas and PoCs. Just ping me.

    1 resposta 7 rechouchíos 12 gústames
  13. 5 xan

    CC

    1 resposta 1 gústame
  14. 5 xan

    CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc , , )

    2 respostas 2 rechouchíos 5 gústames
  15. 28 dec, 2016

    Are you ready for life outside the sandbox

    12 rechouchíos 16 gústames
  16. 2 xan

    Slightly surprised by how many ways there are to mutate HTML without JS! (by )

    5 rechouchíos 31 gústames
  17. 1 xan

    hah, my CSP nonce bypass:

    3 respostas 18 rechouchíos 57 gústames
  18. 31 dec, 2016

    Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!

    6 respostas 77 rechouchíos 107 gústames
  19. Sebastian Lekies seguiu a , , and 4 others
    • Juan David Parra
      @nopbyte

    • Intent To Ship
      @intenttoship

      I tweet when browser makers announce their intent to ship, change or remove features in their web engines! I was made by .

  20. 29 dec, 2016

    and chrome too, soon!

    1 resposta 2 rechouchíos 3 gústames

@slekies hasn't Tweeted yet.

Parece que a carga tarda un chisco

É posible que o Twitter estea por riba da súa capacidade ou teña un impo momentáneo. Téntao de novo ou visita o Estado do Twitter para obter máis información.

    Tamén che pode gustar

    ·