Sal ꙮ
@salchoman
Software Entomology & Archeology at Google. Previously BurpSuite Crawler & Scanner team. Personal friend of Carlos Montoya. 🧀
Djibouti
Joined April 2012
@WeizmanGal @MtnBer @we1x @ddworken @arturjanc Haha, it's been on my TODO list for a while. I can't make any promises on delivery but I can promise to bump it up! Finding these is tricky, I used a custom build of Fuzzilli with some success, but there's much more to be found out there. Don't nerd snipe me, y'all!
@MtnBer @WeizmanGal @we1x @ddworken @arturjanc Nice! There's a whole world of them that we found back when we did this work. It's an area of PP that is still under-researched IMHO with lots of potential, see my other reply!
@MtnBer @WeizmanGal @we1x @ddworken @arturjanc Btw, this is also how you can find PP gadgets in native JS funcs. We have a list of them that still needs publishing :/ [1] is an awesome example of stealing an array's values by polluting ` - mostly useful for sandbox bypasses tbf
@WeizmanGal @we1x @MtnBer @ddworken @arturjanc You can't make a shim out of this proposal because the `prototype` property is still there, which is why it needs to be done at the language level. At Google, we delete the `__proto__` property and freeze top level prototypes, which isn't as nice as what the proposal achieves :)
RT @SecurityMB: Check out the video in which I’m talking with @kkotowicz about Google VRPs. Learn how you can start hacking Google! Let me…
Love to see the constant stream of posts over the past couple months where malware developers are struggling to 1/ lift cookies and 2/ use them effectively thanks to and other changes from our Chrome/Identity colleagues 👏
I heard stealers are struggling to restore Google🍪👀 Translated post (#LummaC2): Guys, since Google has tightened the screws 🔩 and while we are exploring automation options, here are some temporary tips for working with Google accounts ☀️ Tips ⚡️ 1. For logging in, you now need to select an almost perfect location, with accuracy down to the area/region/state level 🇺🇸. 2. Each Google account now requires its own profile in an anti-detect browser. If before you could use one profile for multiple accounts, that’s no longer the case due to Google’s restrictions ☹️. 3. If you are using account recovery methods that work under the hood with multilogin, you must recover the key 🔑 using a proxy that matches the location, with accuracy down to the area/region/state level 🇺🇸. 4. If you are logging in via cookies obtained from step 3, the proxy used for login must match the proxy used for recovery 🚨. Why are these more than just tips? 🙄 1. Open your browser on your computer, log into your account. Then turn on the VPN, clear the browser cookies, and try to log into Gmail. If previously it would let you log in after such actions, now it won’t. This confirms that there’s a trigger on the IP address causing the logout 🕊️. 2. Log into your Google account, then export the cookies (you can do this using any cookie management extension), open a second browser, and import the cookies there. It will log in. Now import any other Google profile into that same browser, even your own, and you’ll get logged out 😒. 3. The third tip is confirmed by the first point in this paragraph. 4. This can easily be verified by the same IP trigger but with 100% accuracy. The login IP for cookies must match the IP used for recovery 🧐. It’s possible that Google may ease these restrictions soon, as based on our calculations, these tightened measures are also affecting regular users 🥺.
A different kind of programming competition in 1983
#OnThisDay 1983: Micro Live visited Datarama - the Radio West show that was broadcasting computer software programs over the airwaves. Talk about a wireless download...
RT @kryc_uk: A new era for security in #MicrosoftEdge and its web integrations as #MicrosoftBing now supports nonce-based CSP on Edge Desk…
RT @_MG_: The exploding Hezbollah pagers situation is an incredibly impressive supply chain attack by Israel (most likely). I am sure more…
RT @aszx87410: there is a challenge in idekCTF 2024 called srcdoc-memos made by icesfont, it's about iframe, sandbox, CSP, navigation, sess…
Check out the most thorough end-to-end explanation of Google's recipe to eradicate entire classes of web bugs at scale
Go get yourself some nice prototype pollution bugs to submit to the Google VRP and tag me when you publish your 'thank you javascript' post :)
🚨💰 Google VRP Reward Update 💰🚨 Good news, we are significantly increasing the reward amounts offered by the Google VRP! Look out for up to 5x higher payouts and a maximum reward of $151,515! Details here: