Explore tweets tagged as #filedescriptor
Say hello to the Polyglot Payload. The complete payload for the XSS Polyglot Challengev2 is now available on the platform. Source: . Thanks @filedescriptor and crlf. #xss #polyglot #polyglotxss
Chrome extension that abuses Trusted Types to find DOMXSS! It works by logging the stack trace of all sink calls and their changes to the DOM. It helps you trace from sink to source and source to sink. ⚙️. - #infosec #cybersec #bugbountytips
Want to start finding DOM-based vulnerabilities easily? 🤑. Check out Untrusted Types by @filedescriptor, a simple yet advanced web extension that can help you locate DOM sinks through the Trusted Types API! 🤠. Untrusted Types is available on GitHub!👇.
2️⃣ Untrusted Types by @filedescriptor. Untrusted Types web extension can help you locate DOM sinks through the Trusted Types API, an API that helps developers lock down certain DOM sinks that could potentially lead to DOM-based XSS vulnerabilities.
Say hello to the Polyglot Payload. The complete payload for the XSS Polyglot Challengev2 is now available on the platform. Source: . Thanks @filedescriptor and crlf. credit: @XssReport. #xss #BugBounty.
#10 Good old cookie tossing. Hijacking OAuth via cookie tossing: funny enough, twas my first client-side bug: Can an LLM come up with that? AFAIK, @filedescriptor was the first to come up with many similar creative attacks.
One character, 5 digit bounties! 💰 This #BugBountyTip from @filedescriptor (@0xReconless) is a classic example of "think like a developer". 👇 #BugBountyTips #HackWithIntigriti
@Rhynorater @filedescriptor Shamelessly dropping related video . No Bounty for Open Redirects?! – ft. LiveOverflow. Article:
The panel vote for the Top ten web hacking techniques 2023 has now concluded! Massive thanks to @filedescriptor @irsdl @Agarri_FR for serving on the panel! Got some outstanding finalists in there. I'll get the results written up and published in the next day or two. 🥁.
@S1r1u5_ One of the coolest bugs I ever reported (that is public) was (with additional context provided in comment 52). Another incredibly creative bug was on how to leak cross-origin content with CSS and UTF-16 by @filedescriptor ( .
What happened to @filedescriptor? It's been long. Dude just disappeared. @Rhynorater @albinowax @LiveOverflow any idea?