Hacking the Web and Browsers. Securing Edge by breaking it. Opinions are my own and not the views of @Microsoft.

65 Following   3,588 Followers   1,293 Tweets

Joined Twitter 3/19/13


@kinugawamasato I found something similar too. In my case, adding a slash at the end disabled the extension. https://t.co/bY25AvhKhl
1/23
2020
Apple/Safari Intelligent Tracking Prevention is a mechanism intended to improve privacy. It was found to have priva… https://t.co/qQoMdSBFP5
Retweeted by Jun Kokatsu
I'm happy to welcome @7unz and @posidron to the #MicrosoftEdge Vulnerability Research Team!
Retweeted by Jun Kokatsu
1/22
2020
@SecurityMB @sirdarckcat @reybango @GoogleVRP Haha, first I need your book to be English! Then I’ll definitely read :)
1/19
2020
@sirdarckcat @reybango @GoogleVRP Nice! I don’t read books :D Only blog posts :D
@reybango @GoogleVRP Just an appreciation card and a letter from Google VRP :)
Thanks @GoogleVRP! https://t.co/WaZlnyaUbK
1/18
2020
@freddyb https://t.co/NkKhvakWAj
@spoofyroot Wait, but you said... https://t.co/fi6svIitUF
🤑🤑🤑 https://t.co/XrHMy7yfIP
1/15
2020
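For people who have just started learning security and are full of curiosity, I recommend browser hacking. However much you hack, it all stays on your own PC so nobody gets angry at you, and if you report to the browser vendor you also get lots of educational feedback. https://t.co/vsbZ52ID2Z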
1/10
2020
My team is once more hiring vulnerability researchers for our Redmond WA office. This is for low-level OS/platform… https://t.co/9hePoMlFsf
Retweeted by Jun Kokatsu
1/9
2020
@ricardo_iramar @sirdarckcat So true LOL
@sirdarckcat IMO, "signal" or "reputation" is for company and not for bug hunters. Bug hunters care about ranking,… https://t.co/DrElb9x9tT
1/7
2019
The most useful document of the year for me was Rule of 2😎 Thanks @fugueish and all for making such a great documen… https://t.co/VEmOFDjqO0
12/27
2019
Great find by @Qab as always 😊 And these are the only valid reports we’ve got so far! Try new Edge and send us bugs 🙏 https://t.co/FwFHDLbHee
12/24
2019
Presentation about the @GoogleVRP team and our Bug Hunters. https://t.co/c87d65KPyP
Retweeted by Jun Kokatsu
12/21
2019
@lbherrera_ Nice! Finally an expected solution :D
@TomNomNom @LiveOverflow Nice! And patched :D
Nice, and valid solution!!! But patched 😆 https://t.co/zSIgWs6vx0
@TomNomNom @LiveOverflow You can post a link to your solution in reply :)
@terjanq Nice, that wasn't the expected solution but still a valid solution :) I haven't seen your report :(
12/13
2019
I'm curious who can solve this challenge😀 https://t.co/4C6xvYZb80
12/12
2019
Popping Calc with Hardware Vulnerabilities by @_tsuro https://t.co/HxJ0g9WvY6
Retweeted by Jun Kokatsu
12/10
2019
Good thing people are looking at <portal>😊 It also introduces new way to pass data across origin (just like postMes… https://t.co/nlNY5niPmU
12/6
2019
LOL, read the summary first and then read the actual report :D The report is classic :D https://t.co/Y7xF8NPYEA
12/3
2019
@fuug1003 芋洗坂係長
12/2
2019
Do you love design issues, memory corruption, or IPC/sandbox in the browser? Let’s work together to find bugs in Ed… https://t.co/OuijeiuyyA
@kristoferbaxter So what will happen to https://t.co/50COdwHcCO? Is it a Wontfix?
11/27
2019
@LewisArdern Haha, thanks😊
@kkotowicz @sirdarckcat @cramforce Lol, so if anyone says they provide sandbox as a “safety feature”, it’s fine to… https://t.co/s5ZRDTUe7g
11/26
2019
If you miss AngularJS sandbox, I have a new toy for you 😊 WorkerDOM/AMP JS 😂 https://t.co/RqRUwPiEB9 https://t.co/ii2FzRMn71
11/25
2019
@GoogleVRP If anyone's wondering who's Beau, watch this: https://t.co/gYsGNrWc9s
11/22
2019
@GoogleVRP Thanks! https://t.co/0zIipw3JGN
Compromised renderer scam😀 https://t.co/SOX8b80g9D
11/21
2019
Just FYI, some bugs in LastPass extension, RSS subscription extension, ChromeVox Classic extension, and Adblock ext… https://t.co/btXQ1Ttryu
I presented about Site Isolation in Google's event called #bugSWAT🙂 / "The world of Site Isolation and compromised… https://t.co/DF72hiIc6K
11/19
2019
Here’s probably my favorite XSS of this year :) This is why we love legacy browser features like DOM Clobbering ;) https://t.co/p2RgPqmjns
Retweeted by Jun Kokatsu
11/18
2019
I published yet another #xssearch article about Cache Probing Attack! Today I discovered that the report has been… https://t.co/whRTdJ9Xjh
Retweeted by Jun Kokatsu
11/13
2019
CVE-2019-1356 - Microsoft Edge (EdgeHTML) Local file disclosure + EoP write up https://t.co/5s0U8yOKWI
Retweeted by Jun Kokatsu
11/9
2019
Sergei is amazing 🤯 https://t.co/6K2W1nz4Fo
11/7
2019
This is a story how I track DOM-based XSS🐛 issues by Semmle QL. ⚠️1 https://t.co/6aNl6s0UUD
Retweeted by Jun Kokatsu
11/6
2019
@sirdarckcat @ericlaw It should still be there. Only Native Client is removed in Anaheim.
11/5
2019
"Mix and match to bypass the same-origin policy" by @RobSinje https://t.co/83z1zMpbdv
Remember expression() in CSS? Its younger brother - Paint Worklets - is back! https://t.co/HDkFljjsSv #jobsecurityisbestsecurity
Retweeted by Jun Kokatsu
11/3
2019
I published my slides at CODE BLUE 2019: "Let's Make Windows Defender Angry: Antivirus can be an oracle!" This pres… https://t.co/thTx5SNbqL
Retweeted by Jun Kokatsu
11/1
2019
@Qab Nice, I should do the same! Someday...
10/31
2019
@v6ak Right, but there are sites that allow it. https://t.co/Xny4WCmDCA
@sirdarckcat @nasko I would say attacker just needs social engineering :) Chrome's clipboard sanitizer doesn't san… https://t.co/KJI8rbOPdt
10/26
2019
@nasko Attackers just need to know sensitive sites that support pasting :) Not sensitive information, in this case :)
If you copy content from untrusted source and paste it to sensitive site (knowingly or unknowingly), then you broke… https://t.co/5yxPws218h
10/25
2019
@Qab SmartScreen is too smart :)
10/23
2019
Which is not to say there aren't any bugs at all. Saw some cool ones found by @shhnjk, Sergei Glazunov, @_tsuro,… https://t.co/uUhwA8Bdoh
Retweeted by Jun Kokatsu
@shhnjk And for digging deeper there's the Mojo bindings for javascript that are fun to play with: https://t.co/DN0gWm7ePz
Retweeted by Jun Kokatsu
@_tsuro It's only for smart people like you :) Too complicated for me :D I'd rather write security exploit test tha… https://t.co/cdbvdCUemO
10/18
2019
You aren’t familiar with memory corruption or IPC, but still interested in testing Site Isolation? Check out my WinDb… https://t.co/7MpXqNRbJt
10/17
2019
@Qab @insertScript @terjanq @kkotowicz Can you do chrome://restart ?
10/15
2019
"the story of 𝐩𝐝𝐟𝐢𝐮𝐦 🐞𝐮𝐬𝐞-𝐚𝐟𝐭𝐞𝐫-𝐟𝐫𝐞𝐞 series" slides can be found at here: https://t.co/l3RnSNH5JZ (This slides w… https://t.co/G0krnGopN0
Retweeted by Jun Kokatsu
10/14
2019
Slides from my talk on Flash click2play at @BSidesVarazdin. The bugs you might have seen already, the slides have… https://t.co/rqKNkL89M8
Retweeted by Jun Kokatsu
10/11
2019
@kinugawamasato Looking forward to the blog post! lol
@mikewest @kkotowicz I agree with Mike. Trusted Types is great :) But it requires good sanitizer to sanitize untrus… https://t.co/Ilbbq8IkPN
10/8
2019
LOL https://t.co/69uJcULFJu
10/4
2019
I wrote an update to my nonce-based CSP + Service Worker post. Thanks for the thought @SecurityMB and @we1x! https://t.co/7H5yllhDgq
@mikewest How should we solve service worker issue I discuss in below? For browsers that don’t support nonce-hidi… https://t.co/5DJvd71l13
10/2
2019
https://t.co/Rzymaz754S
Retweeted by Jun Kokatsu
9/29
2019
@albinowax @garethheyes @insertScript @l4wio @LewisArdern @freddyb Thanks! Your talk was one of the best talks in the conference!
@insertScript @garethheyes @albinowax @l4wio @LewisArdern @freddyb Thanks! I'm also waiting for your multiple (!!!) blogposts 😆
@LewisArdern @garethheyes @insertScript @albinowax @l4wio @freddyb Haha. BTW, your talk was awesome! I do almost ev… https://t.co/zrBpDYJdze
@garethheyes @insertScript @albinowax @l4wio @LewisArdern @freddyb Thanks! I respect you too :) And was great talk as always!
9/28
2019
It was great to meet you all at #GlobalAppSec! @garethheyes @insertScript @albinowax @l4wio @LewisArdern @freddyb Mario and others :)
9/27
2019
Here are my slides from XSS magic tricks https://t.co/094fotH8ok
Retweeted by Jun Kokatsu
9/26
2019
@kkotowicz Right. Hope only sanitizer uses these things. I can’t tell much on that :)
@kkotowicz IIUC, sanitizer like DOMPurify will be there to sanitize untrusted input (whether you have TT or not). A… https://t.co/u8kaAif8vW
@arturjanc I totally agree :) Only if there are more people looking into browser bugs of CSP bypasses, TT bypasses,… https://t.co/edsf0CXpsx
@kkotowicz Right, web app doesn’t need a fix :) But I wonder how long these bugs were there in the code base. If Tr… https://t.co/Ry003mxveS
@arturjanc We have! The CSP!!! But, that also has browser bugs :D
Sounds like even if we kill DOM XSS with Trusted Types, mXSS will still be a problem. This is why I like security :… https://t.co/FLLjopMIxm
9/25
2019
So the writeup of my latest DOMPurify bypass has been published! The evil was in </p> or </br>… https://t.co/jCiBHPVido
Retweeted by Jun Kokatsu
9/23
2019
I paid for something, got receipt in PDF, changed a parameter, and got the AWS token... This was a nice reference :) https://t.co/x0mEAa7wJS
9/21
2019
TPAC was interesting. It feels like there needs to be some way for a site to specify some other sites as their firs… https://t.co/Vf9ARgVKYx
9/19
2019
@SecurityMB Oh, yeah :D I forgot that nonce hiding is only there in Chrome :D
@terjanq @lbherrera_ Haha, yeah everyone’s complaining about that :D Sorry :(
Nonce-based CSP + Service Worker = CSP bypass? https://t.co/Xjxw0wwtfs
@insertScript @lbherrera_ Doing a write up now :D You can still try to solve it :)
Challenge is over and the winner is @lbherrera_ :) Will try my best to blog soon :) LOL, that was fast :D https://t.co/cPwug4Oq0r
@mikewest Yes, as an observer :) I’ll DM you because I don’t even know who to ask :D
@mikewest Are there any rules on who's allowed to join in remotely? I didn't know that was a possible option...
9/18
2019
CSP bypass challenge https://t.co/X5UXvXa5P6
9/17
2019
@garethheyes @ericlaw Oh yeah, that's true :) And content script doesn't share the execution context so overwriting… https://t.co/ZrKcxJ2qTl
@ericlaw I know :) The idea itself is problematic :D
@ericlaw Maybe overwrite all functions and event that might trigger navigation with Content Script?… https://t.co/WxU3cMIHjc
@ericlaw If you can use extension, then send message to background page and they can do chrome.tabs.create with file URL.
9/12
2019
(CVE-2019-1030) Microsoft Edge uXSS write up https://t.co/ofvdAJqHIK
Retweeted by Jun Kokatsu
Blogged! I analyzed the new portal <portal> element in Chrome a few months ago and it resulted in a few interesting… https://t.co/vtcRUBaKbd
Retweeted by Jun Kokatsu
9/5
2019
I would urge anyone who writes extensions for Chromium based browsers to read through https://t.co/hkqSAMZXXj. With… https://t.co/M1AmedUzJq
Retweeted by Jun Kokatsu
8/29
2019
@gorhill I don't see your DM being open.
@gorhill how can I contact you to report a security bug in uBlock Origin?
@cure53berlin No luck😇
8/27
2019
@irsdl @insertScript @cure53berlin @garethheyes @rene_kroka @CyproFiend EMIE list is different from CV list. It’s n… https://t.co/Jk939AJbJ0
@insertScript @irsdl @cure53berlin @garethheyes @rene_kroka @CyproFiend Right, but we still care about those companies🙂
8/25
2019