Still pretending to be a security researcher.
Joined September 2021
- Tweets 339
- Following 112
- Followers 1,245
- Likes 866
8 Photos and videos
Bug write-up for "Google AI Studio XSS" ndevtk.github.io/writeups/20… (ノ*・ω・)ノ
36
222
11,454
ndev.tk/htmldom/ got more complicated it now converts unsafe sinks to safe DOM API calls and traces taint from sources to sinks across files, functions, and control flow. Maybe can reuse code in extension :)
8
653
I made a HTML/CSS to DOM API converter! ndev.tk/htmldom/ this project doesn't use Babel JS because I couldn't be bothered.
1
7
911
The first version of APIClient has been released chromewebstore.google.com/de… it supports API learning with key tracking based on usage and Google/Swagger discovery documents plus XSS finding also replacement for postLogger extension. It's not perfect, create GitHub issues :)
3
14
1,381
github.com/NDevTK/APIClient has been recovered does both API learning and XSS finding it's not perfect but I'm starting to get over it. Hopefully this time I will release and not delete it.
1
17
889
Taint analyser is replaced with CodeQL Chrome github.com/NDevTK/codeql-chr… because trying to get AI to build a code graph then integrate it with an SMT was annoying. I asked something basic like trace the internals of jquery it made a fake version.
1
6
483
Bug write-up for "Google XSS part 3" ndevtk.github.io/writeups/20… \^o^/
1
29
128
6,252
The test release of DroidProbe is published after joining groups.google.com/g/droidpro… it can be installed at play.google.com/store/apps/d… please provide feedback :)
1
5
786
github.com/NDevTK/DroidProbe Contextual GUI via code analysis all the things.
4
17
934
A no-code web-based GUI for Chromium MojoJS security research with automated binding generation. Tempted to add an AI chat bot. github.com/NDevTK/MojoGUI
3
593
An experimental WinDbg debugging toolkit for Chromium security researchers: github.com/NDevTK/chromiumde…
Bug write-up for OAuth redirects don't check for SSL/TLS: ndevtk.github.io/writeups/20…
Summarizer theme on my writeups website now works on desktop chrome again! 🦆
6
785
Integrated my Chromium bugs into ndevtk.github.io/writeups/ that's more URL spoofs, COOP leaks, WAR bypass, Debugger API abuse!
12
82
6,270
Bug write-up for "Controlling the Google Assistant via Web Speech API" ndevtk.github.io/writeups/20… *^____^*
3
13
92
6,005
My YouTube channel is now un-deprecated 🎉
Android lock screen data leak Minecraft video PoC can now be found at youtube.com/watch?v=TUysajkS…
7
1,166
NDevTK retweeted
2 Aug 2025
LOL, my YouTube account/channel got terminated, and all PoC videos are gone 😂
6
3
45
25,738
NDevTK retweeted
12 Jul 2025
🔥Blog post is up! How extensions could exploit JS bindings to use webRequestBlocking prior to Chrome 118:
0x44.xyz/blog/web-request-bl…
17
49
5,092
Been automating chromium security research using AI agents with codebase learning, VRP insights and research tracking tools. While the agent will remain private there's a nice tool for interfacing with chromium services github.com/hjanuschka/chromi… now with V8 support 🥳
2
14
1,421
Bug write-up for "Cameyo XSS" ndevtk.github.io/writeups/20… ☆*: .。. o(≧▽≦)o .。.:*☆
1
7
51
3,207