Michał Bentkowski

@SecurityMB

Penetration testing, bounty hunting

Poland
Joined September 2014

Tweets


  1. Pinned Tweet
    Jan 14

    Wow, four blog posts of mine are included in the list!
    - XSS in GMail's AMP4Email via DOM Clobbering
    - DOMPurify 2.0.0 bypass using mXSS
    - Exploiting prototype pollution
    - Security analysis of <portal> element
    If you like them (or other techniques), please vote!

  2. So yesterday I got married! Paula is the greatest woman I’ve ever met in my life and I can’t even express how happy and grateful I am that she’s going to be with me for the rest of my life. Thank you very much and I’m sure that we’ll have a happy life together!

  3. Retweeted
    Jan 19

    Solutions to the challenge `WW3` on Any bugs/typos, lemme know :)

  4. Retweeted
    Jan 17

    Registration has opened for the MEGA sekurak hacking party. A whole day in a concert hall, fresh, practical presentations, great networking. We have only 100 early bird tickets at a great price!

  5. Retweeted
    Jan 10

    [NEW] Challenge DM me if you solved it :) Have fun! * Solutions, 1 week from now.

  6. Retweeted
    Jan 9

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  7. Jan 8

    This bug, fixed in latest Firefox, led to pretty interesting research, how you can exfiltrate data in Firefox with a single injection point (i.e. no reloading iframes). I’m going to publish the trick soon.

  8. Jan 8

    New year, new profile pic ;)

  9. Retweeted
    24 Dec 2019

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

  10. Retweeted
    20 Dec 2019

    "Hey la Kibana, Inspection des gadgets !" 😋 Pwning Kibana 6.2 using prototype pollution and CVE-2018-17246 by

  11. Retweeted
    14 Dec 2019

    If you wish to speak to us today, we have a stand on . You can meet and . Come talk to us!

  12. Retweeted
    10 Dec 2019

    In today’s Chrome release, two security issues reported by our team are fixed. Good job and ! Writeups coming soon! Details:

  13. 2 Dec 2019

    [PL] On December 14 at the conference I will talk about the bug in AMP4Email and how several more bugs were born from it (a DOMPurify or CSP bypass). You're invited!

  14. 29 Nov 2019

    During the last months, me and my colleagues in worked on a book about web application security in Polish. It’s been an amazing experience and today the first copies arrived from the printing house. We offer a promo code for Black Friday, so if you speak Polish, go get it!

  15. Retweeted
    3 Sep 2019

    Paste-Tastic! ft. - Google CTF 2019 Write-up Retweet if you liked it, Thanks :)

  16. 27 Nov 2019

    Remember the mXSS via </p> or </br> I reported? Turns out that Chrome is correct according to spec. Spec bug is submitted here:

  17. Retweeted
    22 Nov 2019

    Shodan membership for $1! It's Shodan's 10 year anniversary, grab the offer while you can. Here:

  18. 22 Nov 2019

    Google is shutting down Translator Toolkit in the near future. That’s a pity, I have some good memories of it!

  19. Retweeted
    21 Nov 2019
  20. 18 Nov 2019

    Here’s probably my favorite XSS of this year :) This is why we love legacy browser features like DOM Clobbering ;)
