James Kettle

@albinowax

Director of Research at PortSwigger Web Security aka

Manchester, England
Joined January 2010

Tweets


  1. Pinned Tweet
    21 Mar 2018

    My past and present research is archived at

  2. 31 Jan

    I've been beta testing this update for a while, it's a good one :)

  3. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  4. Retweeted
    28 Jan
  5. Retweeted
    28 Jan

    Many thanks for all your votes! The community has spoken, and selected 15 nominees for the Top 10 Web Hacking Techniques of 2019. We've just launched the final stage, in which the panel - , , and - will confer and select the final top 10

  6. Retweeted
    27 Jan

    We've added 11 new XSS labs, with learning materials. There is new content on CSP, dangling markup injection, and escaping the AngularJS sandbox.

  7. Retweeted
    27 Jan

    Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? This could lead to interesting exploit scenarios with some email parsing libraries/code.

  8. Retweeted
    21 Jan

    10 Triaged Crit/P1, 1 Triaged High, 2 Triaged Medium. All of them HTTP Desync bugs in the span of 2 months (The crits being session cookie/token stealing). This bug class is real and needs more attention...

  9. 24 Jan

    HTTP Request Smuggler now supports overriding the request method! spotted that using an alternative method like DELETE can sometimes let you exploit otherwise-secure targets. (If you accidentally delete someone's homepage, that's on your head!)

  10. Retweeted
    24 Jan

    This weekend is your last chance to vote for the Top 10 (new) Web Hacking Techniques of 2019! Voting closes Monday.

  11. 23 Jan

    I once got 90% of a critical vulnerability in Mozilla Persona's password reset. 8 years later, it still hurts that I didn't complete it. Has anyone ever successfully exploited SMTP injection via the Reply-To+Eicar technique or similar non-CC methods?

  12. Retweeted
    23 Jan

    Ok let's close the script. That can't possibly work right? <script> x = '<!--<script>' </script>/-alert(1) </script>

  13. 21 Jan
  14. 15 Jan

    One of these entries introduces a fantastic technique that was widely overlooked when first released. Unfortunately I can't name it without biasing results ;)

  15. 14 Jan

    I was hoping the list of nominations would be shorter this year, as I've pre-filtered weak entries and grouped similar topics. Unfortunately you guys just shared too much great research...

  16. 14 Jan

    We need your help to select the top 10 web hacking techniques of 2019! Cast your vote here:

  17. Retweeted
    12 Jan

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

  18. 10 Jan

    This weekend is your last chance to nominate research for the top 10 new web hacking techniques of 2019. Voting begins on Monday!

  19. 9 Jan

    It was still good fun of course - just be aware that when I play the 'I made $$$ with my new technique' game to promote my latest research, it's not the full picture.

  20. 9 Jan

    In 2017 I won a CTF, leading to an invite to my first HackerOne live hacking event. I flew to New York, landed in a money-fevered environment, deployed the secret tool I'd spent months developing, and made $100. Sometimes you get money, sometimes you get learning opportunities.

  21. Retweeted
    7 Jan

    For the sake of exercising, I looked up some web challenges in a and noticed a cool SQLi one, "Secure System". I discovered some cool stuff that you will not find in tutorials, so check it out! 😅

