What windows or MacOs files reliably contain the username of the currently logged in user WITHOUT that username being part of the file path?
The best time to quit bug bounty was 20 months ago. The second best time is now.
Added a small feature to cspbypass.com to warn the user if unsafe-inline is detected, in which case you typically don't need to waste time hunting for 3rd-party whitelisted CSP bypasses and go straight to inline scripts / event handlers.
Bypass CSP in a single click using my new Custom Action, powered by @renniepak.nl's excellent CSP bypass project.
It depends. Might want to checkout @intigriti.com latest blog.
Thanks for mentioning our site cspbypass.com
we at cspbypass.com recommend cspbypass.com
I was naive and deleted it myself. Someone else claimed it.
Found an XSS but got blocked by the CSP?
https://cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below.
https://www.amazon.com/dp/B0BRD9B3GS
In a shameless effort to promote my book, I've crafted some very special vectors for you. If you like them, please purchase my book to read more.
www.amazon.com/dp/B0BRD9B3GS
I was unaware of coding music to begin with. So I guess I'll check out sonicpi as well. :)
Been playing around with strudel.cc recently. It is pretty awesome!
strudel.cc#Ly9Td2VldCBE...
Great interview with @racheltobac.bsky.social shining a light on a lot of important topics, like what are likely attack vectors, impact of #AI on #security, #ethics, affecting social interactions and #privacy.
"Be politely paranoid."
www.youtube.com/watch?v=xEdZ...
Coded some PHP today without using ChatGPT, like a mad man.
Time to reveal what I was doing with @teknogeek.io back in '19.
All the hard work and sleepless nights have paid off!
Just finished a major UI overhaul of CSPBypass.com and would love your feedback. Excited to welcome ProjectDiscovery as our first sponsor. Huge thanks to their team for supporting the project and recognizing its value to the community.
I enabled sponsorships on Github for cspbypass.com.
The main goal is to cover hosting fees etc. So if you want to support my work, I would highly appreciate it if you could become a sponsor.
github.com/sponsors/ren...
Thanks!
Forgot how to bug bounty.
LOL. Almost 3 years after reporting it and it being fixed, I got assigned a CVE for a vuln I found.
nvd.nist.gov/vuln/detail/...
That's awesome! Congrats!
Made hacking rooms work in real time. This demo connects three browsers with real time editing on. From Chrome I edit some HTML. This gets sent over websockets to the other browsers which call postMessage to a blob with a sandboxed iframe.
I have no clue any more. I have stored XSS on a specific subdomain, I have another subdomain that reflects all cookies (also http only), I can register my own OAuth clients somewhere else. But uh, I dunno. Stuff.
I feel like I have all the pieces to an ATO chain. I just have no idea what the chain would be...
I thought he would. That dude is awesome.
I think @mrtuxracer.bsky.social already does this kind of stuff as part of his bug bounty. Not cloud though.
No, the conference took place quite a while ago. This is my website, and the slides will remain available here.
<object data=# codebase=javascript:alert(document.domain)//> <embed src=# codebase=javascript:alert(document.domain)//> <object data="# alert(1)" codebase=javascript://> <embed src="#! alert(1)" codebase=javascript:>
Epic Firefox XSS vectors by Masato Kinugawa. Now available on our XSS cheat sheet including variants found by me.
Link to vectors:
portswigger.net/web-security...
What are the benefits?