Sebastian Lekies

@slekies

Tech Lead - Web Application Security Scanning

Zurich, Switzerland
Bergabung Oktober 2011
3 Foto dan video Foto dan video

Tweet

@slekies diblokir

Yakin ingin melihat Tweet ini? Melihat Tweet tidak akan membuka blokir @slekies.

  1. Tweet Sematan
    5 Jan

    The full list of CSP bypasses with all known vectors that came up during the recent discussions:

    4 balasan 131 retweet 152 suka
  2. 19 Jan

    Advice to untangle cyber PR: If someone says "we got attacked X times" without exactly saying what "attack" means it's cyber-bullshit.

    2 balasan 7 retweet 14 suka
  3. 18 Jan

    We keep hearing rumors that there'll be an ★Allstars 2017★ during OWASP AppSec EU in Belfast. Maybe there is something to it… cc

    7 retweet 11 suka
  4. 17 Jan

    There are still free seats for my workshop about Inkscape in Zurich Please RT

    29 retweet 15 suka
  5. 12 Jan

    And another CSP bypass by :

    1 balasan 8 retweet 14 suka
  6. 12 Jan

    How to write a research paper: a guide for software engineers & practitioners. /cc

    6 balasan 112 retweet 247 suka
  7. 10 Jan

    Remove DOM nodes without JavaScript: <svg><animate id=a dur=1 /><circle r=100> <discard begin=a.end xlink:href= /><style id=x>*{fill:red}

    2 balasan 60 retweet 146 suka
  8. 7 Jan

    Another dangling markup vector:

    3 balasan 4 retweet 13 suka
  9. 7 Jan

    5 more CSP bypasses added to the list:

    5 retweet 18 suka
  10. 6 Jan

    any additional ideas?

  11. 6 Jan

    Framework-specific bypasses are also welcome!

    4 balasan 1 suka
  12. 6 Jan

    Added a few more CSP bypasses to the list. Happy to receive suggestions, ideas and PoCs. Just ping me.

    1 balasan 7 retweet 12 suka
  13. 5 Jan

    CC

    1 balasan 1 suka
  14. 5 Jan

    CSP-protected HTML injections can probably be used to break same-site cookies to conduct CSRF. (cc , , )

    2 balasan 2 retweet 5 suka
  15. 28 Des 2016

    Are you ready for life outside the sandbox

    12 retweet 16 suka
  16. 2 Jan

    Slightly surprised by how many ways there are to mutate HTML without JS! (by )

    5 retweet 31 suka
  17. 1 Jan

    hah, my CSP nonce bypass:

    3 balasan 18 retweet 57 suka
  18. 31 Des 2016

    Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!

    6 balasan 77 retweet 107 suka
  19. Sebastian Lekies mengikuti , , and 4 others
    • Juan David Parra
      @nopbyte

    • Intent To Ship
      @intenttoship

      I tweet when browser makers announce their intent to ship, change or remove features in their web engines! I was made by .

  20. 29 Des 2016

    and chrome too, soon!

    1 balasan 2 retweet 3 suka

@slekies masih belum menge-Tweet.

Pemuatan tampaknya berlangsung agak lama.

Twitter sedang kelebihan beban atau mengalami sedikit masalah. Coba lagi atau kunjungi Status Twitter untuk informasi lebih lanjut.

    Mungkin Anda juga suka

    ·