In case you missed it...the DEF CON video of my talk 'Splitting the Email Atom' is finally here! 🚀 Learn how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails.

RT @Burp_Suite: Welcome to the next evolution of Burp Suite… 🚀 #BurpAI

RT @kevin_mizu: I'm very happy to finally share the second part of my DOMPurify security research 🔥 This article mostly focuses on DOMPuri…

RT @albinowax: Per popular demand, Turbo Intruder 1.51 now inserts results at the top of the table so you can watch them arrive without scr…

RT @angealbertini: We hexplored the basics of hash collisions and how they can be exploited, exploiting MD5 with Png, Gif, mp4 or Jpg, and…

RT @angealbertini: In the next livestream, we’ll extend file format tricks to cryptography and abuse hash collisions:

RT @leanpub: JavaScript for hackers by Gareth Heyes is on sale on Leanpub! Its suggested price is $35.00; get it for $14.00 with this coupo…

RT @d4d89704243: We've updated our URL validation bypass cheat sheet with this shiny Domain allow list bypass payload contributed by @dyak0…

RT @ruben_v_pina: form-action Content Security Policy Bypass This bypass can help you turn those unexploitable XSS bugs into exploitable v…

@RenwaX23 I didn't think there would be any difference that's why it wasn't included originally but based on feedback some users use Edge and not Chrome.

@S1r1u5_ I love a bit of NextJS sandwich :D

RT @PortSwiggerRes: The results are in! We're proud to announce the Top ten web hacking techniques of 2024!

RT @we1x: Building secure web apps shouldn't be a burden. We've built a high-assurance web framework at Google that makes security easy for…

@SMHTahsin33 Great post mate! It was a pleasure to collaborate with you

@ryancbarnett Lol

@naugtur Ah I see yeah that would be easy detect. I guess the malware could show you down a different path if sandboxed but anyway really interesting stuff I might play with hardened JS myself

@naugtur How would you prevent time based obfuscation such as detecting paused execution e.g if over 500 ms has occurred between calls for example?

RT @thejsnation: 🎙️"Watch Me Run Malware From NPM" — Don’t miss this insightful talk by @naugtur! Watch the recording🍿