Perce

Just got a reward for a critical vulnerability submitted on @yeswehack -- Improper Authentication (CWE-287) #YesWeRHackers

I'm happy to release the first version of my DOMLogger++ plugin for @CaidoIO! 🔎 It improves the browser extension in several ways: • Persistent, per-project storage • Temporary session recording • AI support • Stack trace reconstitution • ... 👉 github.com/kevin-mizu/dom…

Our new website is live 🎉 Check out vulnotes.com and let us know what you think: vulnotes.com

Linux running in a PDF file via a RISC-V emulator compiled to JS

@assetnote @SLCyberSec My work on the novel SSRF technique that landed a critical payout at a Live Hacking Event: slcyber.io/assetnote-secu…

Big update: Subdomain enumeration now uses separate quotas for each plan! This means MORE data for the same price. Plus, our free tier still lets you discover hundreds of subdomains monthly - no payment required. Check out the documentation docs.profundis.io/api/subdomain-… #bugbounty

Guillaume Chouquet, fondateur et directeur de l'ESNA, viré de sa propre école par l'@Formation_bzh !!! Je suis consterné et en colère. C'est affligeant de prendre une telle décision quand on sait tout ce que le bonhomme a fait pour l'école et les alternants !

This is still v1, there's lots to improve and many gadgets to add. If you'd like to contribute or have any feedback, please don't hesitate to reach out 😁 4/4

Each library page includes: * Affected versions * A short description * Root cause of the gadget * Related links * Credit to the discoverer * And even a preview button to play with the gadget live! 3/4

The wiki lets you filter gadgets by browser, tags, attributes, CSP, and timing, making it as easy as possible to find interesting vectors (at least I hope so!) 🔎 2/4

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

Today was my last day as a pentester at Bsecure, and it feels a bit surreal. After a three-year journey of hunting on the side, I’m finally ready to go all-in as a full-time bug bounty hunter. To celebrate this milestone, I've written an article sharing the full story. It’s a transparent look at the path that got me here: the wins, the lessons, the real financial numbers, and my honest advice for anyone considering this adventure. You can read all about my journey from pentester to full-time hunter here: gelu.chat/posts/from-pen…

There we go, after 3 years of work, endless nights of dev and a truckload of coffee. We are finally releasing the biggest project we've done in our entire life. I hope you will like it !

DOMLogger++ v1.0.8 is now out and available! 🎉 This update includes several UX improvements, such as syntax highlighting and new shortcuts. Major changes have been made to custom types and several annoying bugs have been fixed 🚀 👉 github.com/kevin-mizu/dom…

I'm very happy to finally share the second part of my DOMPurify security research 🔥 This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)! Link 👇 mizu.re/post/exploring… 1/2

I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3

📢 SOIRÉE SOCIAL EVENT CE SOIR ! 🎉 📅 15 novembre 2024 🕘 On t’attend !

🚀 Exciting News I just released a (dirty) Chrome extension that lets you load all chunks of a React app in seconds. Perfect for finding hidden features using Chrome's inspector or parsing .map files using your browser ! github.com/ElSicarius/chu… #bugbountytips #Pentesting

DOMLogger++ v1.0.5 is now out and available! It comes with new features, including the ability to remove response headers, a PwnFox integration, and much more 🔥 A new config file is also available for CSPT hunting 👀 More details can be found here 👇 github.com/kevin-mizu/dom…

Pétition pour la fin du mouvement "NO DORMIRÁN" change.org/p/r%C3%A9fl%C3…