The Curse of Cross-Origin Stylesheets - Web Security Research
In 2017 a cool bug was reported by a researcher, which led me down a rabbit hole to a 2014 and even a 2009 bug. This provides interesting insight into what web security research looks like.
cgvwzq's Bug (2017): https://bugs.chromium.org/p/chromium/issues/detail?id=788936
filedescriptor's Bug (2014): https://bugs.chromium.org/p/chromium/issues/detail?id=419383
scarybeasts' Bug (2009): https://bugs.chromium.org/p/chromium/issues/detail?id=9877
GynvaelEN: https://www.youtube.com/user/GynvaelEN
Efail Stream: https://www.youtube.com/watch?v=VC_ItSQaUx4
Video "The Curse of Cross-Origin Stylesheets - Web Security Research" from the LiveOverflow channel