Matan Berson

@MtnBer

Followers
3K
Following
1K
Statuses
231

Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker

Joined May 2020
@MtnBer
Matan Berson
7 months
Just released my blog post "Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs"! It's about a very impactful and technically interesting client-side bug I found in a major NFT site.
16
67
368
@MtnBer
Matan Berson
18 days
@monkehack @rez0__ Lol that’s way too real
1
0
3
@MtnBer
Matan Berson
20 days
RT @samwcyo: New blog post with @infosec_au: We found a vulnerability in Subaru where an attacker, with just a license plate, could retrie…
0
302
0
@MtnBer
Matan Berson
24 days
RT @slonser_: In 2024, I interacted a lot with Extensions. I decided to create a resource that will help with a basic understanding of ext…
0
94
0
@MtnBer
Matan Berson
1 month
I’m very excited to be part of the team! I can’t wait to collaborate with all of these amazing hackers and learn from them
@ctbbpodcast
Critical Thinking - Bug Bounty Podcast
1 month
The moments when I'm most proud of CTBB Podcast are the moments when we're discussing original, HQ research on the pod. So, that's why we're starting the Critical Research Lab with this tremendously talented group of researchers:
5
2
107
@MtnBer
Matan Berson
2 months
RT @ctbbpodcast: The character that broke Safari's cookies (with @mtnBer)
0
2
0
@MtnBer
Matan Berson
2 months
RT @NahamSec: .@CyberNews did a short documentary on bug bounties and it’s 🔥!!
0
36
0
@MtnBer
Matan Berson
2 months
RT @orange_8361: Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pr…
0
229
0
@MtnBer
Matan Berson
2 months
RT @ctbbpodcast: We made it, y'all! 100 Episodes. We put together a banger for y'all to celebrate: 8 crazy bugs from top hackers giveawa…
0
17
0
@MtnBer
Matan Berson
3 months
RT @kevin_mizu: I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is availab…
0
176
0
@MtnBer
Matan Berson
3 months
@hackermondev That sounds like a fun bug but actually exploiting it is a bad idea
2
1
16
@MtnBer
Matan Berson
3 months
@liran_tal @WeizmanGal You should note this if you do plan to look into this idea further
@salchoman
Sal ꙮ
3 months
@WeizmanGal @we1x @MtnBer @ddworken @arturjanc You can't make a shim out of this proposal because the `prototype` property is still there, which is why it needs to be done at the language level. At Google, we delete the `__proto__` property and freeze top level prototypes, which isn't as nice as what the proposal achieves :)
1
0
1
@MtnBer
Matan Berson
3 months
@salchoman @WeizmanGal @we1x @ddworken @arturjanc Wow, this is really cool
1
0
1
@MtnBer
Matan Berson
3 months
@salchoman @WeizmanGal @we1x @ddworken @arturjanc Ahh that’s interesting. I’d love to look deeper into what are some properties that native functions use internally. I recently had a really cool bug come out of the fact that the array stringifier looks at the array’s join property.
1
0
2
@MtnBer
Matan Berson
3 months
@salchoman @WeizmanGal @we1x @ddworken @arturjanc If the constructor property is also changed to be a symbol, then that should only be a problem when accessing the properties of a class right?
1
0
2
@MtnBer
Matan Berson
3 months
@garethheyes Good point, maybe I need to move constructor to a symbol too
0
0
0
@MtnBer
Matan Berson
3 months
@WeizmanGal That's an interesting proposal. I think it should be possible to "opt into" it just by running some JS on page load. Here is my attempt
@MtnBer
Matan Berson
3 months
Here's a code snippet that as far as I can tell pretty much solves prototype pollution. It's based on and after running it you can access an object's prototype with object[Symbol.instanceProto], and object["__proto__"] will be undefined.
[Image: the code snippet]
0
0
2
@MtnBer
Matan Berson
3 months
@garethheyes Wow that’s insane. What a horrible idea
0
0
3