Bug Bounty JP Podcast

BBJP_Podcast #4

28 May 2024

Description

Speaker
  morioka12 (@scgajge12)
  mokusou (@Mokusou4)
  RyotaK (@ryotkak)

Summary (link)

[Main theme] Recent activities
  Mutation XSS (MXSS)
    https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
  DOMPurify 2.5.3
    https://github.com/cure53/DOMPurify/releases/tag/2.5.3
  WAF Bypass
    https://x.com/hackerscrolls/status/1273254212546281473
    https://gist.github.com/hackerscrolls/5c0990dfc734eeb4a9ce8cf2ccdf6fba
  NahamCon 2024
    https://www.nahamcon.com/schedule
    https://scgajge12.hatenablog.com/entry/nahamcon_2024

[Secondary theme] Black Hat USA 2024
  "Listen to the Whispers: Web Timing Attacks that Actually Work"
    https://www.blackhat.com/us-24/briefings/schedule/index.html#listen-to-the-whispers-web-timing-attacks-that-actually-work-38297
  "Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!"
    https://www.blackhat.com/us-24/briefings/schedule/index.html#confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-40227
  "OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints Across the Globe"
    https://www.blackhat.com/us-24/briefings/schedule/index.html#ovpnx--zero-days-leading-to-rce-lpe-and-kce-via-byovd-affecting-millions-of-openvpn-endpoints-across-the-globe-38900
  V8 / Chrome
    https://x.com/ajxchapman/status/1794629740504178762
    https://blog.ajxchapman.com/
  input: Browser, Web3, LLM

[Q&A] Do you use a VPN for bug bounty? For OSS targets, which editor do you use?
  VSCode, IntelliJ IDEA
  Hacker News
    https://news.ycombinator.com/
  IntelliJ IDEA Community Edition
    https://sales.jetbrains.com/hc/ja/articles/360021922640-%E5%95%86%E7%94%A8%E3%82%BD%E3%83%95%E3%83%88%E3%82%A6%E3%82%A7%E3%82%A2%E3%82%92%E9%96%8B%E7%99%BA%E3%81%99%E3%82%8B%E3%81%9F%E3%82%81%E3%81%AB-Community-%E3%82%A8%E3%83%87%E3%82%A3%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE-JetBrains-IDE-%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B

[Q&A] When you want to create multiple accounts for testing on a target service, which email do you use?
  Hacker Email Alias
    https://docs.hackerone.com/en/articles/8404308-hacker-email-alias
  Temp Mail - Disposable Temporary Email
    https://addons.mozilla.org/ja/firefox/addon/temp-mail/

XSS in PDF.js
  https://x.com/albinowax/status/1792568684713500935
  https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

Web Page
  https://bugbountyjppodcast.notion.site/Bug-Bounty-JP-Podcast-8bf1080383a54c4a8848f10bfeb874b3?pvs=4

Survey
  https://forms.gle/wkr2jkc3m9o8NhPk7

We are collecting themes you would like us to talk about and questions you would like to ask on BBJP_Podcast via Google Form.
We would also be glad to receive your impressions on X (Twitter) with the hashtag "#BBJP_Podcast" or via the Google Form.
