I've published my new research, "Exploiting Number Parsers in JavaScript". In this article, I’ve discussed the number parsers in JavaScript and the different attack scenarios you might encounter. https://t.co/VMVqHF3j2q

New Google VRP writeup "XSS in Google IDX Workstation" for a bounty of $22,500 by @sudhanshur705: https://t.co/16Fz5H5f0R

@GoogleVRP disclosed my most impactful client-side report to date: https://t.co/yGZJrSZEbe TL;DR An attacker could've gained access to Gemini Code Assist Tools (GitLab, GitHub etc.) configured by the victim

"AI Agents for Offsec with Zero False Positives" by @moyix, a journey on how we managed to get 0 FPs with XBOW. You can find the slides for his BH talk here: https://t.co/vFEfm5HkxT

An Introduction to using Artificial Intelligence (AI) for Vulnerability Research

❌ Eliminating almost all exploitable web vulnerabilities? This blog post covers how the Google security team implemented a high-assurance web framework to achieve this goal for its services, and what this framework's most important characteristics are. https://t.co/dohOwvCOtz

Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to exploitable memory corruption. Full details + PoC:

It's an honor that my research, Exploiting Number Parsers in JS, has been nominated for the Top Ten Web Hacking Techniques of 2024. I discussed how discrepancies in JS number parsers could be used to carry out DoS attacks. If you find it interesting, please vote for it!

🧵 [1/4] Here is our DOMPurify 3.2.1 bypass, using a namespace confusion technique where each element is initially in a “correct” namespace. When it was allowed, the ‘is’ attribute was not handled correctly, making the attribute content’s regex check obsolete. #mXSS #XSS

Just discovered 10 memory corruption vulnerabilities in the popular Mongoose Web Server (11k stars on GitHub) by fuzzing its embedded TLS stack protocol with @aflplusplus. More technical details here: https://t.co/AzK6USwACO

There is no prize to perfection, only an end to pursuit

Released a new extension :) - https://t.co/sphNJdvUyt for postMessages from all_frames. - detects the scope of sent messages. - origins that are insecure, will be prefixed with UNSAFE. - detects if a website does not check .origin - MessageChannel API https://t.co/56gtuIU7qw

Awesome research!🔥

I created a small tool to automatically set breakpoints in Chrome using the CDP (Chrome DevTools Protocol). It’s still in beta, but I’m actively working on a complete version.. https://t.co/8Hn5XgAWs1

Here's a code snippet that as far as I can tell pretty much solves prototype pollution. It's based on https://t.co/VkshO7Wpyh, and after running it you can access an object's prototype with object[Symbol.instanceProto], and object["__proto__"] will be undefined.

Project Zero blog: LLMs find 0days now! 👀 And: our fuzzer setup did *not* reproduce it! https://t.co/xz6j2fzrWe

I have updated the list of custom filters for Logger++. The new additions include: . New API Style (gRPC-Web) . Improved previous filters . Exposed API keys custom filters . New filters for API vulnerabilities https://t.co/XfoRQjvHmu

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/YzYcwxOGBn Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

#TypeScript Remote Procedure Call (tRPC) Security Research: Hunting for Vulnerabilities in Modern APIs, a nice read from @LogicalHunter: https://t.co/ub4Yrb43rD Vulnerable tRPC playground: https://t.co/6Qv9qGqvdx

New blog alert! 🚨 Delve into an intriguing browser based web attack vector I stumbled upon that is widespread and can be used to perform ATO. I call it Cross Window Forgery. 🫧🌊🌪️🌀 https://t.co/0bXTyl2JVH