terjanq
@terjanq.me
security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish.
infosec at @google. opinions are mine.
From: https://twitter.com/terjanq
Pinned
terjanq
@terjanq.me
· Dec 10
Extended the starter with shy writers! 😀 If you're not on the list but write about web security, then feel free to reply with the article you're most proud of, and I will add you to the pack!
Make sure to resubscribe to not miss out on the amazing 🌐research!
go.bsky.app/9JXnB17
Reposted by terjanq
During #x3ctf, I discovered an unintended solution that turned out to be a pretty cool generic technique. It allows you to detect the result of a selector during CSS Injection, bypassing any CSP restricting external requests!
Check out the writeup below:
jorianwoltjer.com/blog/p/ctf/x...
Post: x3CTF - blogdog (+ new CSS Injection XS-Leak!) | Jorian Woltjer
A "hard web xssbot" challenge about a fun browser quirk with the is= attribute to perform CSS Injection. Bypass the strict CSP with an unintended new technique to XS-Leak a selector's result by detect...
jorianwoltjer.com
January 26, 2025 at 9:14 PM
Reposted by terjanq
Here is (finally) the writeup and conclusion of the challenge:
joaxcar.com/blog/2024/12...
Maybe not the best write-up, but I have to allow myself to actually post, rather than refactor, posts. I hope someone finds it useful. And thanks everyone that participated. Special shoutout to @terjanq.me
December 20, 2024 at 10:52 PM
settings ➡️ content & media ➡️ threads ➡️ experimental
Helps a lot with longer threads!
December 15, 2024 at 1:19 PM
Reposted by terjanq
Imagine opening a Discord message and suddenly your computer is hacked.
We discovered a bug that made this possible and earned a $5,000 bounty for it.
Here's the story and a beginner-friendly deep dive into V8 exploit development.
watch: youtu.be/R3SE4VKj678?...
Hacking Discord for $5000 Bounty
YouTube video by Mrgavyadha
youtu.be
December 14, 2024 at 3:11 PM
Got sniped into the challenge and ended up doing some cool XSS research :D
11 char XSS with mind-boggling race-conditions.
TL;DR the final payload is location=x (10 chars) and the longest is top.Z.x=x.d (11 char)
It's shorter than location=name !!
terjanq.me/solutions/jo...
December 14, 2024 at 1:17 PM
Reposted by terjanq
15 terjanq.me/solutions/jo...
Can be most likely improved but didn't yet figure out how to properly race condition with shorter payloads like top.x.x+="" 😶
terjanq.me
December 13, 2024 at 1:24 PM
Extended the starter with shy writers! 😀 If you're not on the list but write about web security, then feel free to reply with the article you're most proud of, and I will add you to the pack!
Make sure to resubscribe to not miss out on the amazing 🌐research!
go.bsky.app/9JXnB17
December 10, 2024 at 10:29 PM
Reposted by terjanq
I started a Web Security Writers starter pack. Had to add 7 accounts so settled on a couple of obvious names but the idea I have for the starter is different. Please share your BEST writeup / article in the reply and I will add you to the pack! Let's shake the platform a bit with amazing research! 🕸️
Web Security Writers
Join the conversation
go.bsky.app
December 1, 2024 at 4:34 PM
Reposted by terjanq
My latest blog post is live! nastystereo.com/security/cro...
Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon
November 27, 2024 at 9:10 AM
Great article about mXSS by @jorianwoltjer.com!
To summarize what I have learned about Mutation XSS, my CVE, and the solution to my challenge, I wrote a post going through it all.
If you like regular XSS, this is a whole new world of crazy techniques and many sanitizer bypasses. You too can learn this!
jorianwoltjer.com/blog/p/hacki...
Post: Mutation XSS: Explained, CVE and Challenge | Jorian Woltjer
Learn how to bypass HTML sanitizers by abusing the intricate parsing rules and mutations. Including my CVE-2024-52595 (lxml_html_clean bypass) and the solution to a hard challenge I shared online
jorianwoltjer.com
November 27, 2024 at 6:55 PM
Reposted by terjanq
Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices are always opt-in and finally how YOU can get increased security controls.
Modern solutions against cross-site attacks
frederikbraun.de
November 27, 2024 at 7:50 AM
Reposted by terjanq
Any bug bounty people around? I'm creating a starter pack of people to follow but it's pretty brief currently! Let me know if you'd like to be added: go.bsky.app/GD7hKPX
November 21, 2024 at 3:23 PM
Reposted by terjanq
Handling Cookies is a Minefield:
Inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.
grayduck.mn/2024/11/21/h...
November 21, 2024 at 5:11 PM
Just crossed 10% of my twitter audience. 90% more to go! 🚀
November 20, 2024 at 9:31 PM
Great article about multipart parsing. Reminds me about the bypasses I found in modsec parser medium.com/@terjanq/waf...
November 19, 2024 at 1:13 PM
Reposted by terjanq
Security Signals: Making Web Security Posture Measurable At Scale
research.google
November 17, 2024 at 1:02 PM
Reposted by terjanq
I'm in the process of creating a *web security* starter pack and need your help finding more webbies here. Please share and recommend folks passionate about web security in comments below so we can get this community started here 🙂
go.bsky.app/Uf8dZhz
November 17, 2024 at 10:12 AM
Reposted by terjanq
If you're into web security take a look at my LocoMocoSec keynote slides from this summer about "Google's Recipe for Scaling (Web) Security": speakerdeck.com/lweichselbau...
November 16, 2024 at 10:29 PM