Just published a blog post about this Chrome 0day discovered by @slonser_. It covers how the exploit works, a demo setup simulating a common ATO scenario (with video), and the PoC GitHub repo.

RT @sw33tLie: Super glad to have collaborated on @albinowax’s research this year with @bsysop and @_medusa_1_. Funny enough, it all started….

RT @albinowax: The whitepaper is live! Learn how to win the HTTP desync endgame. and why HTTP/1.1 needs to die:

Just completed 4 years at @Bugcrowd! How time flew!. Thankful to the incredible team I get to work with every day, and of course, the researcher community :). #ItTakesACrowd.

If you’re curious, I highly recommend checking out the @ctbbpodcast episode about this bug too. @rez0__ and @Rhynorater did a great job at covering everything from the timeline to the additional attack vectors!.

This is really cool! Amazing work @S1r1u5_. First time seeing DNS rebinding used to bypass SOP in a real-world crit! Very clever.

RT @VolerionSec: Launching today!. Volerion transforms raw CVEs into structured and instant insights. #CVE #CyberSecurity #infosec https://….

"A girl in a flowing white dress floating gracefully into a dreamy sky filled with stars and colorful clouds at sunset.". Try Grok Imagine, free for a limited time:.

At this point, I’m very excited about how AI is going to transform our lives in the future.

The Wire may be one of my all-time favorite shows. Surprised I didn't watch it sooner, but now I'm sad it ended.

Great writeup, @Rhynorater and @0xLupin!.

Some personal news: I was promoted to Manager - Security Operations at @Bugcrowd back in November!. Huge shoutout to my fantastic team at Bugcrowd and our researcher community! :).

RT @PortSwiggerRes: The results are in! We're proud to announce the Top ten web hacking techniques of 2024!

In case you want to check it out:. Blog post: YouTube video: HTB box:

Something that made my day recently. While going through @ippsec's recent video for an HTP box he was solving, I noticed he came across my git RCE analysis during his research. As someone who's learned a ton from his HTB content, that was unexpectedly cool to see! :D

RT @albinowax: I've just hit ten years of web security research at PortSwigger! Massive thanks to @PortSwigger for the opportunity, and the….

So cool!.

RT @GithubProjects: |￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣|.| Don't Push To Production On Friday |.|＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿|. \ (•◡•) /….

RT @sw33tLie: This is one of the most widespread and impactful bugs I've ever found in my career. Great collab with @bsysop and @_medusa_1_….

Had fun with some Google CTF challenges last weekend! Published a writeup for one that I really enjoyed solving:. . #ctf #writeup #GoogleCTF.

Ever played a CTF on IRC? . I published a detailed walkthrough for all the 22 challenges in @ircpuzzles 2024. Check it out here: It's almost a book at this point, so please use the table of contents to find what interests you!. #ircpuzzles #ctf #puzzle.