@[email protected] @SecurityMB
Improving the world’s security at Google. Opinions are mine. bentkowski.info | Zurich, Switzerland | Joined September 2014
Tweets: 1K | Followers: 10K | Following: 288 | Likes: 927
Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun: md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak") = md5("TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")
If you don't listen to the @RadioNaukowe podcast, I warmly recommend it. Especially the latest episode with an Oxford-style debate on the topic „Kiedyś to było” (“Things were better back in the day”) 😀
Looking to make your Go applications safer than ever? Learn more about three new open source libraries that will help you avoid entire classes of vulnerabilities: SafeText, SafeOpen, and SafeArchive. bughunters.google.com/blog/492506820…
This is a supercool bypass! Namespace switching can still be harmful. Also thanks for many shoutouts 😄
This behavior can have security consequences [1] and is surprisingly common [2]. It's known as DOM Clobbering. Maybe one day we can protect the web platform from it somehow 🤔 [1] research.securitum.com/xss-in-amp4ema… [2] chromestatus.com/metrics/featur…
Because of the migration of Chromium bug tracker from Monorail to Buganizer, this account won't submit new bugs temporarily (until it's migrated to fetch the data from the new source). Sorry!
Ever wondered how to increase your bug bounties 💸 ? Our latest blog post introduces our domain tiers security concept and how it is applied at Google, and includes a list of Google's highest sensitivity domains. bughunters.google.com/blog/456217538…
See how Google's security engineering team handles rollouts at scale, so we can safely enforce Strict CSP, Trusted Types and other security features on 100s new services yearly. bughunters.google.com/blog/589651289…
This account is temporarily suspended; Twitter API returns weird errors. It should continue to operate on Monday/Tuesday though.
When MDN shows a feature that was available in a range of versions, does the release date mean the first or the last version?
The second one is really funny. I fixed the bug which was reported by me (2 years ago) from Microsoft. At the time, I was hoping someone in Google would fix that (which was correct), but I never thought I would be the one to fix it 😂 bugs.chromium.org/p/chromium/iss…
“Why is HTML a rebellious beast?” ⁉️ Come to Michał Bentkowski's talk on Tuesday and you'll find out everything! Check the details on the website ➡️ omhconf.pl 🔵🔴 #OMHconf #OhMyHack #Cybersecurity #Cyberbezpieczeństwo #Konferencja #Security
This Tuesday (5 Dec) I'll talk about HTML being a mutating beast in Warsaw at omhconf.pl If you want to have a little chat then, let me know 😀
My life story, or life with a disability. I have a hearing impairment. I am a person with a disability. I explain what it is about. Why did I write this? Because I hope it will be useful to at least one person. blog.lukaszolejnik.com/invisible-disa…
Google has apologised in style for breaking our dangling markup lab with new mitigations in Chrome. Thanks from @WebSecAcademy and @PortSwiggerRes!
That was a really great challenge and awesome writeup!
CSRFs, CSRFs everywhere.
I had a presentation called "Why HTML is a mutating beast?" at different conferences in Poland this week. Here I'm sharing slides in case you want to find out about mutations and mutation XSS and why it happens: docs.google.com/presentation/d…
Just found a great show-case of AbortController. I don’t think I could make this code as concise without aEL’s support for AC signals. Note that I need to: - access `controller` from within the listener, - access `this` in `start()` - remove the listener in `cancel()`
Recently found a bypass in DOMPurify in certain cases. Today, versions 3.0.10 and 2.4.8 were released, fixing the issue. Documented the problem here: blog.slonser.info/posts/dompurif… Thanks to mario of @cure53berlin for excellent communication! #DOMPurify #security
@kevin_mizu @SecurityMB @kinugawamasato We indeed had a look but so far don't see any bypass potential, but if that changes, we'd add those faster than light 🙂
@SecurityMB @cure53berlin @kinugawamasato I suggested the same thing, but since all the other tags are deprecated and they shouldn't involve a security issue, they decided to only block 'annotation-xml'
Here's a PoC for attempting to create a #JavaScript shim that ships DOM Clobbering protection when installed in the webpage. Thoughts? @SecurityMB @garethheyes github.com/weizman/DOM-Cl… context 👇
@SecurityMB Thinking out loud: MO on document capturing attributes sets + hook into id/name-prop setter of dom nodes proto to collect list of {id,name}s setting at runtime. Redefine collected window[{id,name}s] with getters that throw on access attempt. Accept allowlist of props by the app.
Introducing an experimental chromium security bug aggregator @BugsAggregator, migrated for the new chromium issue tracker. This might be a temporary option during the migration period of @BugsChromium. Kudos to @SecurityMB
@SecurityMB @zcorpan @CanadaHonk In case you missed it, have a look at this awesome paper by @Soheil__K (IEEE SP 2023) ieeexplore.ieee.org/document/10179…
@literallydenis @levelsio Is that where Google keeps all its ships?
One of my favorite things about Switzerland: trust in society. The flower shop in the photo is closed, but the merchandise is left outside. The sign blocking the door says "if the door is closed, it's self service; scan QR-CODE to pay with TWINT". And that's not a rare thing!
Ugh, Firefox/Safari process @import differently than Chrome. @SecurityMB has a good explanation research.securitum.com/css-data-exfil… Firefox processes them synchronously. Which means the current design of the CSS exfiltrator won't work. I'm probably not going to update it
@SecurityMB It was @wizzair and I'm never going to fly with them ever again. Chat consultants disconnecting after reading the magic phrase "I'd like to correct the name of the passenger". It's a paid feature that cost double the tickets for 2 people, plus it didn't work.
I usually avoid non-technical posts... but can't resist sharing yesterday was the happiest day of my life #wedding
Small XSS Challenge Time 🚩 Rules 📜 - You should only use the provided endpoint. - The solution must not involve user interaction. If you find the solution, please do not send it in the comments; send me a DM instead 📩 Challenge link 👇 challenges.mizu.re/xss_02.html
@SecurityMB Thanks for the tip. I already normalize the case and filter out reward-\D labels, but I didn't know you could have multiple reward values per issue!
@dragosr @gergely_kalman @LiveOverflow Because I disagree that rand() isn't the "right" randomness source. Unless you can demonstrate that there is a practical attack that is made feasible by the use of rand() over something like random_bytes(), I'll admit I'm wrong. A salt doesn't need to be (securely) random, it…
@SecurityMB Looks like it's scoped same as the function declaration - i.e. global in this case. And you can actually do print(x) afterwards in the module-global context.
Reminds me of when I tried to implement multiplication in TypeScript... tricky language
My first program in Python! I still find this syntax a bit confusing with no { } etc.
def main(
    line0: print("Hello World!"),
    line1: print("What's your name?"),
    line2: (x := input("Name plz: ")),
    line3: print(f"Your name is: {x}")
): pass