@SecurityMB
Followers: 11K | Following: 919 | Statuses: 1K
Improving the world’s security at Google. Opinions are mine.
Zurich, Switzerland
Joined September 2014
Finally, my research is published. It has everything you might wish for in browser security: universal XSS, mutation XSS, CSS data exfiltration, and others. Check this out! In a few days, we'll also release a 30-minute presentation about this topic.
We are publishing the research of Copy&Paste issues in browsers by @SecurityMB. Over $30k in bounties for bugs in Chromium, Firefox, Safari, Google Docs, Gmail, TinyMCE, CKEditor, and others. Also includes a 0-day in Froala.
RT @GoogleVRP: Celebrating 15 years of password hacking 💻 🔑, Swiss Army knives (and sometimes even chainsaws or swords) included! 😲 Disco…
RT @OMHconf: A certain security engineer has to take care of the security of literally thousands of applications. 💥 How can that be achieved? Michał Bentkowsk…
Reading about new mXSS techniques always warms my heart. Amazing writeup @kevin_mizu and great bugs!
I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: The slides are available here: 1/3
RT @GoogleVRP: Do you want to learn more about the various Vulnerability Reward Programs offered by Google? Or you're looking for inspirati…
Check out the video in which I’m talking with @kkotowicz about Google VRPs. Learn how you can start hacking Google! Let me know if there’s something you’d like us to cover in future videos 😀
RT @lukOlejnik: Very nice presentation about web security at a scale by @SecurityMB. Finally, web security is solved for good. https://t.co…
[PL] I invite you to MSHP in Kraków! I'll be giving a presentation there too 😀
Will you join the Mega Sekurak Hacking Party conference? ✅ Three presentation tracks: Main (top / fresh topics related to ITsec), Hacking Depot (live hacking), Intro (for beginners) ✅ Only premiere presentations! ✅ Top presenters who are practitioners, known from the ITsec scene in Poland and abroad ✅ The premiere of sekurak's new book on site! Plus a chance to meet the authors ✅ -15% with the code: sekurak-mega Details and registration:
@ericlaw There's a proposal: but I'm not sure what its current status is. What you can do is to create a sandboxed iframe, and call from the iframe.
@gynvael @lukOlejnik As far as I know, per spec there is basically no limit. I'm not sure what the practical limits are in browsers though.
RT @GoogleVRP: 🚫 DOM XSS, begone! 👋 Discover how we used Trusted Types to protect AppSheet, and how that can inform your own web applicatio…