Joined February 2014
22 Sep 2023
Google (Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years ago that had been idle, and from reward potential to no potential to potential. Ok thanks?
FD retweeted
28 Jul 2022
This #privacy audit looks like the first LeaveHomeSafe #pentest ever, way below commercial apps: Broken SSL validation, SD Card Leaks, 2FA Logic bypass, Screenshot leaks, several Face Recognition artifacts, etc. 7asecurity.com/blog/2022/07/…

Serious vulnerabilities have been found in the Hong Kong government's LeaveHomeSafe COVID-19 app. @7aSecurity recently conducted a security audit that discovered numerous flaws that allow interception of the LeaveHomeSafe app and its backend servers. opentech.fund/news/7asecurit…
FD retweeted
Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.
FD retweeted
10 May 2022
New writing about the story of 3 bug bounty reports in which I chain low severity bugs together for higher impact and less known browser tricks. Includes CSS injection, Self-XSS, Drag-Drop XSS, Cookie Bomb, Login-Logout-CSRF, and more... medium.com/@renwa/the-underr…
FD retweeted
27 Apr 2022
After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️
FD retweeted
16 Apr 2022
We found a way to spoof ENS domains and were awarded a $15k bug bounty by @ensdomains 👇 Check out the write-up medium.com/@hacxyk/how-we-sp…
20 Jan 2022
Why do we need NFT on social media??
FD retweeted
11 Aug 2021
Replying to @garethheyes
Also function solve(obj, property){ if(typeof obj != 'function') { obj(property).innerHTML = '<img src=1 onerror="alert(`You win`)">'; } else { alert('You must try harder than that.'); } }
FD retweeted
I've been meaning to create a blog for some time now, and I finally did it! For its first post I wrote about a vulnerability that allowed an attacker to leak the full URL of cross-origin redirects on Google Chrome, check it out! blog.lbherrera.me/posts/appc…
FD retweeted
23 Apr 2021
New Video! Binary Exploitation 0x02 Why you should Close Your Files youtu.be/6SA6S9Ca5-U
19 Jan 2021
Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out! github.com/filedescriptor/un…