Sebastian Lekies

@slekies

Automated Security Scanning & Vulnerability Management

Zürich, Switzerland
Joined: October 2011

Tweets

  1. Pinned Tweet
    1 Sep 2017

    Code-Reuse attacks for the Web: ret2libc for JavaScript ( )

  2. 27 Jan

    Are there any good open source tools to measure code complexity? Or in other words: A tool that takes a code base as an input and produces a list of the most complex functions or classes.

  3. Retweeted
    26 Jan

    Security people, learn 👏 how 👏 to 👏 code 👏!

  4. Retweeted
    26 Jan

    I should mention I'm hiring security engineers both in Sunnyvale and Zürich. Come shape how we do automated security scanning at Google, and find more bugs in an hour than all bughunters combined in a day.

  5. Retweeted
    24 Jan

    Our research on Safari's Intelligent Tracking Prevention (ITP) is now available on cc

  6. Retweeted
    22 Jan

    Earlier today we published the details of a set of vulnerabilities in Safari's Intelligent Tracking Prevention privacy mechanism: . They are... interesting. [1/9]

  7. Retweeted
    26 Dec 2019

    CFP for closes in ~42 hours! This is a final reminder to submit your work on Measurements, Attacks and Defenses for the Web. Happy holidays, researchers!

  8. Retweeted
    16 Dec 2019

    Asking for a friend (really!): Anybody searching for a data analyst in Zurich? DM me!

  9. Retweeted
    5 Dec 2019

    The paper submission deadline for the MADWeb workshop is in ~2 weeks! Send us your amazing web security papers and join us on February 23 (co-located with ) for some fruitful discussions about the current state of the web!

  10. Retweeted
    18 Oct 2019

    Things I hate in modern browsers:
    * sync xhr
    * document.write
    * with statements

    Things I've used to do kinda awesome security things with browsers:
    * sync xhr
    * document.write
    * with statements

  11. Retweeted
    17 Oct 2019

    Our free / will start in 3 weeks in . In case you're interested you can RSVP at as long as there are still seats available (first come, first serve) 🚩

  12. Retweeted
    9 Oct 2019
  13. 18 Sep 2019

    The security scanner engineering team is growing! If you have both security and software engineering experience, and are interested in a full-time position, reach out to me via PM. The position is based in Zurich. Remote work is not possible. Please RT.

  14. Retweeted
    9 Sep 2019

    I like & have been playing with some corner cases. Here's a fun one: Implied by "TS is a superset of JS" is that the subset behaves the same. So: Is it possible to write valid JS which runs differently when interpreted as TS? (A: Yes!)

  15. Retweeted
    5 Sep 2019

    Blogged! I analyzed the new portal <portal> element in Chrome a few months ago and it resulted in a few interesting bugs, including SOP bypass and arbitrary file read in Chrome ($10k bounty)! Write up: CC:

  16. Retweeted
    5 Aug 2019

    A private talk I did a few years ago, about how I turned a self-XSS to a site-wide CSRF on Twitter with MIME Sniffing, Cookie and OAuth tricks. I will present even more obscure Cookie tricks in this year .

  17. Retweeted
    29 Aug 2019

    thanks to , for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.

  18. Retweeted
    19 Aug 2019

    I think this response will make history with its claims around Web Application Firewalls. Saying that the real issue here was a misconfig in a WAF - i.e. blaming a mitigation - is fairly ridiculous. I wish we could all laugh about it.

  19. Retweeted
    19 Aug 2019

    An article titled "How to Build Good Software" sounds like a bold claim but this one delivers. It simply answers why governments and big tech companies spend millions building bad software yet a group of college friends can build systems 10x better.

  20. Retweeted
    15 Aug 2019

    Bluetooth is broken: A third party can force a one byte encryption key on any Bluetooth connection in range, even between already paired devices. It's bad.

  21. Retweeted
    13 Aug 2019
