mvs

@manuelvsousa

Student & Research Fellow . CTF Player . Bounty Hunter once a year.

Lisbon, Portugal
Joined: November 2009.

Tweets

  1. Retweeted

    Change to cookies' "SameSite" attribute now is Feb. 17 instead of Feb. 4 & is only for an "initial limited population." "We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts."

  2. Retweeted
    Jan 31

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  3. Retweeted
    Jan 29

    Unpopular tweet. I don’t like Star Wars, never did, and I never had trouble exiting vim.

  4. Retweeted
    Jan 22

    Earlier today we published the details of a set of vulnerabilities in Safari's Intelligent Tracking Prevention privacy mechanism: . They are... interesting. [1/9]

  5. Retweeted
    Jan 22

    Apple/Safari Intelligent Tracking Prevention is a mechanism intended to improve privacy. It was found to have privacy vulnerabilities allowing sites to track the user (and fingerprint), and to steal web browser history of a user. Incredible find.

  6. Retweeted
    Jan 8

    New Writing Bypass SameSite Cookies Default to Lax and get CSRF Looking at a new Chrome feature and the 2 minute quirk which make it possible to bypass it, also solution to my CSRF challenge.

  7. Retweeted
    Dec 23, 2019

    Ever wondered what makes a CTF challenge good? I've asked myself that many times. I wrote this to help me answer that question based on discussions with others in the community

  8. Retweeted
    Nov 25, 2019

    XSS is cool and all, but this is next level. You should all watch this to face the bugs that will plague us for the next few years at least.

  9. Retweeted
    Nov 19, 2019

    I presented about Site Isolation in Google's event called 🙂 / "The world of Site Isolation and compromised renderer" Slide: Video:

  10. Retweeted
    Nov 18, 2019

    Here’s probably my favorite XSS of this year :) This is why we love legacy browser features like DOM Clobbering ;)

  11. Retweeted
  12. Retweeted
    Nov 12, 2019

    I published yet another article about Cache Probing Attack! Today I discovered that the report has been indexed by crawlers, so I reached out to and with his approval, created a short article about my findings :)

  13. Retweeted
    Nov 10, 2019

    2019 is over - turns out you can selectively block subresources if you have HTML injection by using link preload with the integrity attribute:

  14. Retweeted
    Nov 6, 2019

    On our way to finals. See you all in Grenoble.

  15. Retweeted
    Nov 4, 2019

    One of the few unsolved tasks in was (mainly an excuse for me to play Beat Saber :-) but also revealed that PNaCl as an XSS vector is not very well known!

  16. Oct 30, 2019

    If you are interested in XSLeaks, check out my latest write up about the notes-app of Backdoor CTF 2019. You had to leak the flag through the search system, abusing a very cool behavior of Firefox. via

  17. Oct 24, 2019

    What a great presentation. Make sure to check this out!

  18. Oct 18, 2019
  19. Retweeted
    Oct 16, 2019

    Slides of my presentation at on web-based side-channel leaks that can be abused to perform XS-Leaks attacks (and how to defend against them):

  20. Retweeted
    Oct 11, 2019

    And 🇵🇹 finishes 10th at the . Congrats to all players and coaches for their terrific work, and specially to and for securing the top-3. See you all next year in Vienna.
