Bug Bounty JP Podcast

BBJP_Podcast #4

Listen Later

Speaker

  • morioka12 (⁠⁠⁠⁠@scgajge12⁠⁠⁠⁠)
  • mokusou (⁠⁠⁠⁠@Mokusou4⁠⁠⁠⁠)
  • RyotaK (⁠⁠⁠⁠@ryotkak⁠⁠⁠⁠)

    • Summary (link)

    • [大テーマ] 最近の取り組み
      • Mutation XSS (MXSS)
        • https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
        • DOMPurify 2.5.3
          • https://github.com/cure53/DOMPurify/releases/tag/2.5.3
          • WAF Bypass
            • https://x.com/hackerscrolls/status/1273254212546281473
            • https://gist.github.com/hackerscrolls/5c0990dfc734eeb4a9ce8cf2ccdf6fba
            • NahamCon 2024
              • https://www.nahamcon.com/schedule
              • https://scgajge12.hatenablog.com/entry/nahamcon_2024
              • [中テーマ] Black Hat USA 2024
                • "Listen to the Whispers: Web Timing Attacks that Actually Work"
                  • https://www.blackhat.com/us-24/briefings/schedule/index.html#listen-to-the-whispers-web-timing-attacks-that-actually-work-38297
                  • "Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!"
                    • https://www.blackhat.com/us-24/briefings/schedule/index.html#confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-40227
                    • "OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints Across the Globe"
                      • https://www.blackhat.com/us-24/briefings/schedule/index.html#ovpnx--zero-days-leading-to-rce-lpe-and-kce-via-byovd-affecting-millions-of-openvpn-endpoints-across-the-globe-38900
                      • V8 / Chrome
                        • https://x.com/ajxchapman/status/1794629740504178762
                        • https://blog.ajxchapman.com/
                        • input: Browser, Web3, LLM
                        • [Q&A] バグバウンティでVPNを使っていますか?OSSの場合は何のエディタを使っていますか?
                          • VSCode, IntelliJ IDEA
                          • Hacker News
                            • https://news.ycombinator.com/
                            • IntelliJ IDEA Community Edition
                              • https://sales.jetbrains.com/hc/ja/articles/360021922640-%E5%95%86%E7%94%A8%E3%82%BD%E3%83%95%E3%83%88%E3%82%A6%E3%82%A7%E3%82%A2%E3%82%92%E9%96%8B%E7%99%BA%E3%81%99%E3%82%8B%E3%81%9F%E3%82%81%E3%81%AB-Community-%E3%82%A8%E3%83%87%E3%82%A3%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE-JetBrains-IDE-%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B
                              • [Q&A] ターゲットのサービスで検証用に複数のアカウントを作りたい時は、何のメールを使っていますか?
                                • Hacker Email Alias
                                  • https://docs.hackerone.com/en/articles/8404308-hacker-email-alias
                                  • Temp Mail - Disposable Temporary Email
                                    • https://addons.mozilla.org/ja/firefox/addon/temp-mail/
                                    • XSS in PDF.js
                                      • https://x.com/albinowax/status/1792568684713500935
                                      • https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

                                        • Web Page

                                        • ⁠⁠⁠⁠https://bugbountyjppodcast.notion.site/Bug-Bounty-JP-Podcast-8bf1080383a54c4a8848f10bfeb874b3?pvs=4⁠⁠⁠⁠

                                          • Survery

                                          • ⁠⁠⁠⁠https://forms.gle/wkr2jkc3m9o8NhPk7⁠⁠⁠⁠

                                            • BBJP_Podcast で話して欲しいテーマや聞きたいことなどを Google Form で募集しています。

                                            感想も X(Twitter)でハッシュタグ「#BBJP_Podcast」や Google Formでいただけると嬉しいです。

                                            ...more
                                            View all episodesView all episodes
                                            Download on the App Store
                                            Bug Bounty JP PodcastBy morioka12