Hacking the Web and Browsers. Securing Edge by breaking it. Opinions are my own and not the views of @Microsoft.

68 Following   3,938 Followers   1,379 Tweets

Joined Twitter 3/19/13


@terjanq @kkotowicz @mikispag @we1x If it never committed a navigation and you could overwrite while it was on "abo… https://t.co/by4VvHZXMz
@terjanq @kkotowicz @mikispag @we1x For the javascript: URI, it's worth reporting. What's probably happening is tha… https://t.co/O4QvswfE6k
@terjanq @kkotowicz @mikispag @we1x If javascript: scheme isn’t inheriting CSP from navigation initiator, then tha… https://t.co/YzKtBHHB2D
@terjanq @kkotowicz @mikispag @we1x So writing unsafe content in same-origin iframe vs local scheme not inheriting… https://t.co/wc47gUhrUv
@kkotowicz @terjanq @we1x @mikispag @threatpost @chromium Yup, there is no term defined :) Anyways this was a nice… https://t.co/Q2Hz5aGXXF
@terjanq @we1x @kkotowicz @mikispag @threatpost @chromium So I think there are differences in what Chromium guys sa… https://t.co/hLHb9uqOZV
@terjanq @kkotowicz @mikispag @we1x It’s fair to assume that iframe is inserted by legit app, because what attacker… https://t.co/Jn2n3OBZtA
@terjanq @kkotowicz @we1x I think it used something like javascript:”<b>test</b>”, which won’t execute script but starts rendering HTML.
8/11
2020
@SecurityMB @BugsChromium 🤣
XSS on chrome://histograms/ with a compromised renderer https://t.co/UWSe9hKzd2
Retweeted by Jun Kokatsu
7/30
2020
@hasegawayosuke Object.entries(obj).filter(obj => obj[1] == 'alpha')[0][0] Still not pretty... Shouldn't alpha be the key in the first place?
7/28
2020
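@stommepoes This might be interesting read for you ;) https://t.co/6k5zIBzV2X
Personally, I think the only option is to make powerful APIs such as WebNFC available only in PWAs, with permissions obtained at install time in the same way as mobile apps (https://t.co/9sgktnTEir). And of course SecurerContext=Injection is a must too.
It's a really difficult issue from the browser's point of view too. Certainly, to preserve the sandbox we want to eliminate device access as much as possible, but if that means users have to use insecure platforms, it defeats the purpose. However, as for something like WebNFC being necessary for the Web… https://t.co/3DDcgtFMBq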
7/18
2020
@spoofyroot Am I eligible?
7/15
2020
The MSRC team in Cheltenham, UK is hiring! We're looking for someone delighted by vulnerability research and analy… https://t.co/mUAljp1rhZ
Retweeted by Jun Kokatsu
7/14
2020
A tricky URL spoofing bug that I reported two years ago to Mozilla and it is still working: https://t.co/lJF2rGMlcK https://t.co/3y58Lr6KvS
Retweeted by Jun Kokatsu
7/7
2020
@randomdross @ericlaw I might be underestimating though :) We should talk (when we are at phase 4) :D
@randomdross @ericlaw My argument is, don’t implement a first line of defense security feature that’s complicated t… https://t.co/IG4j2F6065
@randomdross @ericlaw Re: “browser should be doing that”. I agree, but I don’t see a security feature that is maint… https://t.co/OirP8CWp4x
@randomdross @ericlaw Demand for policies will be there in your proposal because there won’t be a way to enforce ne… https://t.co/f3uHgGbkLD
@randomdross @ericlaw Hmm, I don’t understand this part. Purification just provide a way to build your own sanitize… https://t.co/zWIKwJX6r7
@randomdross @ericlaw Yes, you’d need to do it for each policy. And then think about each policy when you expose/ch… https://t.co/7jrFwmfruD
7/4
2020
@randomdross @ericlaw Yes, we have that problem already🙃 https://t.co/d44nEC2RMl
@ericlaw @randomdross There is basically no one who can explain what implementers are doing wrong on C++ layer for… https://t.co/DUDEoWTC4B
@ericlaw @randomdross Right, but when you have more people, they can come up with good practices (e.g. Strict CSP f… https://t.co/eWW4mZpHuK
@randomdross I think what we are getting at is, whether we want browsers to fix bugs or each web apps to do that. F… https://t.co/JK4xF08XEc
@randomdross This proposal seems easy to use for Web apps, but difficult to implement for browsers. Demand for new… https://t.co/DXkL3rAVDr
@garethheyes @we1x @randomdross It’s definitely fun for folks whose job is to hack stuff (including me), and insecu… https://t.co/lzuWeJkHx6
@randomdross Maybe comment your opinion on the thread? It’s still an intent to prototype, so there can be changes m… https://t.co/dcqAGrUss7
7/3
2020
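@BugsChromium “Fixed” 😂 This can’t be fixed without https://t.co/9D1hGWKXJZ
@hasegawayosuke For the latter of the methods I just mentioned, I think you can manage it by using https://t.co/OWo4CRVwzA, but on the local file side you would probably need to check whether there has been an update. If you don't want to desecrate the Web, it's probably safer to avoid hacks and implement it the proper way lol
@hasegawayosuke I think you can send and receive messages by writing to some local file from the script and reading it from the extension. If you write HTML to the local file, there is also a way to send a message to the extension by opening that local file in a new tab.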
7/2
2020
@CTurtE Where are you m8? Are you alright?
6/27
2020
@sirdarckcat @kkotowicz Hmm, how does it fix Blob URL issue then? 🤔
More context in https://t.co/bexrFvVGCu
Yet another unfortunate DOM XSS sink that can’t be protected by Trusted Types 😔 https://t.co/fgtKuxly3W
6/21
2020
@SecurityMB Great job! UXSS: $2k CSS injection: $10k 🤔
We are publishing the research of Copy&Paste issues in browsers by @SecurityMB. Over $30k in bounties for bugs in C… https://t.co/9OzwkAn6J5
Retweeted by Jun Kokatsu
6/15
2020
@BugsChromium @SecurityMB, this should’ve shown the reward :)
6/4
2020
@ifsecure Hope you didn't feel bad about me saying Cryptominer to Domato. I'm just amazed about Domato still being… https://t.co/VmxFJKhMVw
Domato still being one of the best "Cryptominer"👌 https://t.co/xuldDbqEoC
6/2
2020
@spoofyroot It’s just embargo lifted due to Sergei joining P0 :)
5/28
2020
@mramydnei Eid Mubarak!!
5/24
2020
Site Isolation and updates to the Web security model | https://t.co/NvreqvJXiz https://t.co/I6t0FziCIr
Retweeted by Jun Kokatsu
5/23
2020
Announcing Twitter account: @BugsChromium. Similarly to @ProjectZeroBugs, It periodically tweets about bugs in Chro… https://t.co/JzZJBNXMQP
Retweeted by Jun Kokatsu
5/22
2020
@freddyb @TomRittervg Style-src ‘self’ :) Chrome hosts embed element with style attribute, which actually renders P… https://t.co/E7gpEAKeKM
5/5
2020
@freddyb @TomRittervg LOL, your style-src was so strict that Chromium PDF viewer broke :D
5/4
2020
@fuug1003 It's a blessing at a time like this when we have to work from home! Though the summer is short lol
Best WFH shot😂 “Daddy’s not suppose to work at home!” https://t.co/1xNPLZpPgS
4/16
2020
If you are worried about XS-Leaks, and your site renders untrusted cross-origin iframe (e.g. Ads), you should use t… https://t.co/KNDgotE6gQ
🤭 https://t.co/RhamFOWnGG
4/3
2020
@l4wio Good luck!
3/20
2020
I should create a bot to auto-retweet Sergei's reports 😀 Everything he reports are really interesting 🤯 https://t.co/HAh1Du01pp
3/11
2020
@hasegawayosuke I love that the joke even has an RFC, a browser implementation, and an MDN page! https://t.co/UcWUVODqJ8
@hasegawayosuke 418
3/10
2020
🤯 https://t.co/S20xfgW3sI
3/6
2020
@Qab Congrats and welcome!!!
Me and @Qab used to hack IE together as a Bug Hunter. Now we’ll be working in the same team, hacking Edge and Chrom… https://t.co/HroE3n83iI
3/5
2020
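I wrote up the Spectre-related topics I talked about on Mozaic. If you don't have time to listen to three hours of talk, please give it a read 🙂 / "Repairing the Speculative Web" https://t.co/LQZUUw6YPR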
3/3
2020
@mikewest Of course! I even love to hear podcasts where YOU interviewing Chrome security team members and asking wh… https://t.co/TuDGgQIa6L
@mikewest We could have cross browser security podcast if you want? We can have more fun by almost talking about 0days? No? :P
3/2
2020
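@we1x Nice! :)
@yousukezan That's right. I end up thinking about things like the return on time spent, and my motivation keeps fading lol. I recommend Google's Research Grant. Since you get the money up front, you have no choice but to do the bug hunting, and… https://t.co/FynSRAVTp5
@yousukezan It's boredom. Lately I also can't find the motivation to do bug hunting outside of work lol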
3/1
2020
@spoofyroot Or remote Pwn2Own. PwnFromHome :)
2/29
2020
Wanna join a team of world-class security engineers? My Team is looking for a web security expert to lead the effor… https://t.co/xu1e4ZLwfi
Retweeted by Jun Kokatsu
2/26
2020
Stay classy, Google. https://t.co/XahAXR2ds5
Retweeted by Jun Kokatsu
Good bye AppCache... in Chrome 82 https://t.co/8OtSqhPSyj
2/19
2020
@Qab Congrats!!
2/18
2020
Casual chat edition https://t.co/5LdrYdWnWV
@itszn13 Nice talk! In case you haven’t seen it yet, I presented some ways to bypass Site Isolation 🙂… https://t.co/myvavlZhKL
2/17
2020
Escaping the Chrome Sandbox with RIDL https://t.co/OWqNSYDgEU
Retweeted by Jun Kokatsu
2/15
2020
We are really close to bypass nonce-based CSP in Firefox😉 1 No nonce-hiding protection 2 Single injection is enough… https://t.co/RiQfij37s3
@kkotowicz Well, that’s the promise of <template> :) Anyways new HTML tags are always welcome :) Help break blackli… https://t.co/hAS44GqUxc
@Qab @spoofyroot Oh, it’s not me :) We have some crazy folks, who can mess with V8 and chrome in general :D
2/13
2020
I talked with @Jxck_ about Spectre, XS-Leaks, and the Cross-Origin-* headers! / ep63 Cross Origin Info Leaks https://t.co/S7YKKCmiMr
Retweeted by Jun Kokatsu
Project Zero blog: "A day^W^W Several months in the life of Project Zero - Part 1: The Chrome bug of suffering" by… https://t.co/fU1EUTdQpN
Retweeted by Jun Kokatsu
2/12
2020
I talked with @Jxck_ about Spectre, XS-Leaks, and the Cross-Origin-* headers! / ep63 Cross Origin Info Leaks https://t.co/S7YKKCmiMr
2/11
2020
Nice #xsleaks by @arturjanc https://t.co/iStu9YGItQ
2/6
2020
@mikewest BTW, your tweet marketing didn't work this time (luckily my colleague told me to read). You should tweet… https://t.co/hmjqT1JLhk
@mikewest Inner response header and outer response header are different in SXG/Web Packaging AFAIK. That’s another… https://t.co/FXo5bLkUKB
@mikewest Not sure isolation would work only considering window reference or response header. Window reference migh… https://t.co/y6anGMlf9N
2/5
2020
@terjanq @Google @lbherrera_ @sirdarckcat Congrats!
1/30
2020
As I have no cool new findings, lets start the year with an old IE bug - bypassing Content-Disposition: attachment… https://t.co/6gn283NBzf
Retweeted by Jun Kokatsu
1/26
2020
@filedescriptor Edge and IE is alive!!1
1/25
2020
@kinugawamasato I found something similar too. In my case, the extension got disabled when I added a slash at the end. https://t.co/bY25AvhKhl
1/23
2020
Apple/Safari Intelligent Tracking Prevention is a mechanism intended to improve privacy. It was found to have priva… https://t.co/qQoMdSBFP5
Retweeted by Jun Kokatsu
I'm happy to welcome @7unz and @posidron to the #MicrosoftEdge Vulnerability Research Team!
Retweeted by Jun Kokatsu
1/22
2020
@SecurityMB @sirdarckcat @reybango @GoogleVRP Haha, first I need your book to be English! Then I’ll definitely read :)
1/19
2020
@sirdarckcat @reybango @GoogleVRP Nice! I don’t read books :D Only blog posts :D
@reybango @GoogleVRP Just an appreciation card and a letter from Google VRP :)
Thanks @GoogleVRP! https://t.co/WaZlnyaUbK
1/18
2020
@freddyb https://t.co/NkKhvakWAj
@spoofyroot Wait, but you said... https://t.co/fi6svIitUF
🤑🤑🤑 https://t.co/XrHMy7yfIP
1/15
2020
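For people who have started learning security and are full of curiosity, I recommend browser hacking. However much you hack, it's all inside your own PC so nobody gets mad at you, and if you report to the browser vendors you also get lots of educational feedback. https://t.co/vsbZ52ID2Z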
1/10
2020
My team is once more hiring vulnerability researchers for our Redmond WA office. This is for low-level OS/platform… https://t.co/9hePoMlFsf
Retweeted by Jun Kokatsu
1/9
2020
@ricardo_iramar @sirdarckcat So true LOL
@sirdarckcat IMO, "signal" or "reputation" is for company and not for bug hunters. Bug hunters cares about ranking,… https://t.co/DrElb9x9tT
1/7
2020
