
Abdulrahman Alqabandi
@Qab
Followers: 6K | Following: 3K | Media: 321 | Statuses: 3K
Security researcher @MicrosoftEdge
Redmond, WA
Joined August 2008
RT @albinowax: Blind CSS exfiltration attacks recently got a lot easier! Full details in this thread:.
RT @AmmashDev: Finally, development of the children's game ثعلوب is finished. It was a journey full of challenge and learning, and now the journey is complete and here is the game, in….
RT @we1x: Safari Tech Preview 215: Added support for Trusted Types 🎉.
webkit.org
Safari Technology Preview Release 215 is now available for download for macOS Sequoia and macOS Sonoma.
RT @royalhansen: "This blog post aims to provide a detailed blueprint for how Google has created and deployed a high-assurance web framewor….
bughunters.google.com
Learn more about how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities.
RT @kryc_uk: Edge Security may have an exciting opportunity to work in our Barcelona #VulnerabilityResearch team. DM for details.
RT @msftsecresponse: We’re excited to announce the scope of the Microsoft AI Bounty Program has expanded to include new vulnerability types….
RT @albinowax: Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: http….
portswigger.net
Welcome to the community vote for the Top 10 Web Hacking Techniques of 2024.
RT @albinowax: Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here:.htt….
portswigger.net
Nominations are now open for the top 10 new web hacking techniques of 2024! Every year, security researchers from all over the world share their latest findings via blog posts, presentations, PoCs, an
RT @spoofyroot: Hello everyone, fun fact, UAC bypasses = bounty money when Administrator Protection is enabled. We checked many but we full….
RT @brewster_kahle: What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salte….
Assisting with this has been quite the learning experience. Felt proud once I saw it enabled. Huge win for security! More CSP everywhere!
A new era for security in #MicrosoftEdge and its web integrations as #MicrosoftBing now supports nonce-based CSP on Edge Desktop (other browsers to follow shortly). Attacks on Edge via XSS just got a whole lot harder!
RT @evilsocket: * Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago. * Full disclosure happening in less tha….
RT @albinowax: Love a good client-side exploit chain! This crazy cross-product chain targeting Google by @rebane2001 is a great example of….
lyra.horse
A writeup of my $4133.70 Google Drive vulnerability chain.
RT @thezdi: We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit….
zerodayinitiative.com
We would like to thank researcher Abdelhamid Naceri for his great work in developing these exploit techniques, as well as for the vulnerabilities he has been reporting to our program. We look forward...
RT @GoogleVRP: 📢 Chrome VRP reward updates! 💰 Bigger payouts (up to 5x higher, $250,000+) and clearer guidelines, all designed to incentivi….
bughunters.google.com
The Chrome VRP is increasing reward amounts and their structure to incentivize high-quality reporting and deeper research of Chrome vulnerabilities, see this post for details!
RT @kinugawamasato: Due to this change: now Chrome 130 also parses non-special scheme URLs including javascript: UR….