morioka12 (@scgajge12)
mokusou (@Mokusou4)
RyotaK (@ryotkak)
[Main topic] Recent activities
Mutation XSS (MXSS)
https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
DOMPurify 2.5.3
https://github.com/cure53/DOMPurify/releases/tag/2.5.3
WAF Bypass
https://x.com/hackerscrolls/status/1273254212546281473
https://gist.github.com/hackerscrolls/5c0990dfc734eeb4a9ce8cf2ccdf6fba
NahamCon 2024
https://www.nahamcon.com/schedule
https://scgajge12.hatenablog.com/entry/nahamcon_2024
[Sub topic] Black Hat USA 2024
"Listen to the Whispers: Web Timing Attacks that Actually Work"
https://www.blackhat.com/us-24/briefings/schedule/index.html#listen-to-the-whispers-web-timing-attacks-that-actually-work-38297
"Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!"
https://www.blackhat.com/us-24/briefings/schedule/index.html#confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-40227
"OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints Across the Globe"
https://www.blackhat.com/us-24/briefings/schedule/index.html#ovpnx--zero-days-leading-to-rce-lpe-and-kce-via-byovd-affecting-millions-of-openvpn-endpoints-across-the-globe-38900
V8 / Chrome
https://x.com/ajxchapman/status/1794629740504178762
https://blog.ajxchapman.com/
input: Browser, Web3, LLM
[Q&A] Do you use a VPN for bug bounty? For OSS, which editor do you use?
VSCode, IntelliJ IDEA
Hacker News
https://news.ycombinator.com/
IntelliJ IDEA Community Edition
https://sales.jetbrains.com/hc/ja/articles/360021922640-%E5%95%86%E7%94%A8%E3%82%BD%E3%83%95%E3%83%88%E3%82%A6%E3%82%A7%E3%82%A2%E3%82%92%E9%96%8B%E7%99%BA%E3%81%99%E3%82%8B%E3%81%9F%E3%82%81%E3%81%AB-Community-%E3%82%A8%E3%83%87%E3%82%A3%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE-JetBrains-IDE-%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B
[Q&A] When you want to create multiple accounts for testing on a target service, which email do you use?
Hacker Email Alias
https://docs.hackerone.com/en/articles/8404308-hacker-email-alias
Temp Mail - Disposable Temporary Email
https://addons.mozilla.org/ja/firefox/addon/temp-mail/
XSS in PDF.js
https://x.com/albinowax/status/1792568684713500935
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
https://bugbountyjppodcast.notion.site/Bug-Bounty-JP-Podcast-8bf1080383a54c4a8848f10bfeb874b3?pvs=4
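https://forms.gle/wkr2jkc3m9o8NhPk7
We are collecting topics you would like us to talk about on BBJP_Podcast, and anything you would like to ask, via Google Form.
We would also be glad to receive your feedback on X (Twitter) with the hashtag "#BBJP_Podcast" or via the Google Form.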