koto @kkotowicz
security ninja wannabe Mastodon: @[email protected] blog.kotowicz.net Joined August 2007-
Tweets6K
-
Followers9K
-
Following388
-
Likes4K
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
@NahamSec @neophyte2k @Google I'll make sure we send the rationale today. We should have done it inline with the decision, I don't have any excuse why we didn't. It commonly happens that the VRP reward is smaller than expected or 0, but of course we need to explain why this is the case.
We're sending a HUGE thank you to our incredible community of bughunters ! 🙏 Your passion for finding vulnerabilities keeps our users safe 🔒 To show our appreciation, we awarded over $380,000 in bounties this week, including the largest reward ever given in Google VRP history!
Co do jasnej cholery żeby nie napisać dosadniej.
Co tu się dzieje? Poseł PiS Andrzej Adamczyk mówi w kontekście grupy Dragon sector, która ujawniła machinacje przy pociągach Newagu, o złodziejach i napadzie na dom. Potem posłowie PiS i PO nie chcą słuchać co ustalił Dragon sector i głosują za przerwaniem posiedzenia komisji. To
Do you want to learn more about the various Vulnerability Reward Programs offered by Google? Or you're looking for inspiration? Check the video below in which @kkotowicz and @SecurityMB talk about Google VRPs! youtube.com/watch?v=R2qMd4…
Pretty cool exploit chain with the redirects. The writeup is also excellent, and the "screenshots" being actually interactive? 🤯 Thanks a lot for the research, @rebane2001!
Love a good client-side exploit chain! This crazy cross-product chain targeting Google by @rebane2001 is a great example of the type of exploit that gets easier the longer you spend targeting a single company lyra.horse/blog/2024/09/u…
If anyone is following the NEWAG vs Dragon Sector case, this article (in PL, but, well, 2024, google translate) is a really good read about the actual lawsuit and the first day of trial. Second day of trial will be on Jan 15, so there's some time for sides to file more stuff.
[PL] Świetny artykuł z aktualnego stanu sprawy, polecam :) (analiza pozwu przeciwko nam i trochę pierwszej rozprawy) oko.press/newag-hakerzy-…
XSS in Gmail is now $20k (or 50% more for exceptional quality report). Good thing we don't have XSSes anymore.... Or do we? :)
🚨💰 Google VRP Reward Update 💰🚨 Good news, we are significantly increasing the reward amounts offered by the Google VRP! Look out for up to 5x higher payouts and a maximum reward of $151,515! Details here: bughunters.google.com/blog/540051395…
It's finally happened! NEWAG IP Management just sued us for copyright infringement and unfair competition. Here's a symbolic picture of the lawsuit as a whole: Newag quoting q3k's own code as supposedly their IP :) More: infosec.exchange/@q3k@hackerspa…
So NEWAG (context: media.ccc.de/v/37c3-12142-b…) finally filed a lawsuit against members of @DragonSectorCTF / SPS. It took them a few months from when they said they'll do it, and apparently there were some snafus with addresses, but here we are. 1/n🧵
Pamiętacie sprawę Newagu i pociągów, których nie można było uruchomić z powodu zmienionego oprogramowania? 🚄 Sprawa się rozwija, choć w zaskakującym kierunku. Firma Newag bowiem pozwała informatyków z @DragonSectorCTF (@dsredford ) i firmę SPS o naruszenie praw autorskich 🍿
@LinkedIn says no to DOM XSS by enforcing Trusted Types! Congratulations to @shafigullin for this achievement 🎉
@kkotowicz It took us a while but jQuery 4.0.0 beta is out now: blog.jquery.com/2024/02/06/jqu…
Ever wondered how to increase your bug bounties 💸 ? Our latest blog post introduces our domain tiers security concept and how it is applied at Google, and includes a list of Google's highest sensitivity domains. bughunters.google.com/blog/456217538…
See how Google's security engineering team handles rollouts at scale, so we can safely enforce Strict CSP, Trusted Types and other security features on 100s new services yearly. bughunters.google.com/blog/589651289…
Mozilla decides Trusted Types is a worthy security feature dlvr.it/T0QwgP
Mozilla has changed their standards position on Trusted Types to positive 🎉 2024 will be a bad year for DOM-based XSS. github.com/mozilla/standa…
A few deprecations shipped in Chrome 120. Data URLs in SVG <use> is now blocked. chromestatus.com/feature/512882… CSP Embedded Enforcement's implicit opt-in for same-origin iframes is gone. chromestatus.com/feature/509815…
@jasvir @cramforce After some digging, this seems to be article 33 of eur-lex.europa.eu/legal-content/…
@jasvir @cramforce Criteria are listed in the article, e.g. > 45M monthly active end users from EU etc.
Gareth Heyes \u2028 @garethheyes
38K Followers 1K Following Web security researcher at PortSwigger. Author of JS for Hackers and Hackvertor. https://t.co/e0aNEbFb9D
Ben Sadeghipour @NahamSec
248K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
LiveOverflow 🔴 @LiveOverflow
160K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
lcamtuf @lcamtuf
40K Followers 500 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
shubs @infosec_au
59K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
@[email protected]... @SecurityMB
11K Followers 284 Following Improving the world’s security at Google. Opinions are mine.
James Kettle @albinowax
84K Followers 103 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Bug Bounty Reports Ex... @gregxsunday
54K Followers 611 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Clint Gibler @clintgibler
26K Followers 573 Following 🛡️ Leading Cyber at @OpenAI 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Louis Nyffenegger @snyff
21K Followers 604 Following Founder/CEO of @PentesterLab. Trainer, researcher, CVE archeologist. I like bugs, code review, and understanding why vulnerabilities exist.
ϻг_ϻε @steventseeley
23K Followers 559 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
ZaufanaTrzeciaStrona ... @Zaufana3Strona
46K Followers 280 Following Spowiedź bezpieczeństwa AD 2026 - poznaj sekrety moich zabezpieczeń: https://t.co/9hytFsalZ7
Ange @angealbertini
25K Followers 916 Following Reverse engineer, file formats expert. Corkami, CPS2Shock, PoC||GTFO, Sha1tered, Magika... Security engineer @ Google. He/him.
Soroush Dalili @irsdl
20K Followers 941 Following Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
Frans Rosén @fransrosen
44K Followers 909 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
André Baptista @0xacb
19K Followers 840 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Justin Gardner @Rhynorater
38K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
arabi @arabi9t
5 Followers 105 Following
Tomasz Garus @tgaruspl
2 Followers 49 Following
abktm99 @abktm99
0 Followers 32 Following
SomeOne @steeeven___
6 Followers 225 Following
bugsploiterr @systempwn3d
28 Followers 2K Following
Yunus Aydın @aydinnyunuss
1K Followers 1K Following
hicaro Miguel dias de... @__hicaro
0 Followers 3 Following
Tmawe Li @DRAGONFLAME1111
0 Followers 219 Following
Houssam Miliani @N0rmalizer_
35 Followers 645 Following
Mogtaba @MOGTABA_X
23 Followers 832 Following
𝕋ℍ𝔼 𝟘-𝔻... @the_0_day
0 Followers 2K Following Web Developer & Pentester | Let's Work Together To Secure The Web.
Thisoe 🩵 @ThisoeCode
53 Followers 451 Following M.E. (job) & coder (hobby) || 한국어 열심공부중💪; English👌; 日本語👌; 中文👌; JS/TS👌; EmbeddedC👌 || ⚙️외노자 || 🎂2001 || sub: @Thisoe_Sub || Avatar Credit: @chrone_co
4ss3m ⵣ 🇩🇿�... @ASSEMMRG
10 Followers 515 Following Web Penetration Tester | BSc Electrical Engineering | CTF Player & Bug Bounty Hunter
Satar @satar_nz
606 Followers 7K Following
xamse carab @HamzaAr12721415
11 Followers 571 Following
Nano @9_ttg28114
15 Followers 678 Following
Allen Joe @zrwikicc
1 Followers 346 Following
Mohammad Hafez @moh0f2z
18 Followers 513 Following Security researcher hunting for real-world bugs. Focused on XSS, IDOR, misconfig, and logic flaws. Always learning, always digging. 🔍💣
Jumping the Gun @jumping_thegun
2 Followers 91 Following
Halil Kayer @halilkayer
129 Followers 610 Following
Furinpon @Furinkan9999
15 Followers 806 Following
Jacob Wizman @jac0bw1
3 Followers 211 Following
ZENITH @ALIVE830
0 Followers 4K Following
Heiðar @heidark
30 Followers 716 Following
:) @ahmadtorkii
93 Followers 151 Following
Khangal Enkhsaikhan @khangal_
5 Followers 844 Following
Andrei Sorescu @realasorin
2 Followers 253 Following Hiking through life, security researching in the meantime.
Lu Nar @MonLight1047002
6 Followers 276 Following
Link Knight | (3,3) @LK_protocol
96 Followers 905 Following Developer | Web3 is inevitable #WomenInTech #BlockchainDev 🦇🔊
shell_Ghost @sh3llGhost
13 Followers 2K Following Bug Bounty Hunter & Cybersecurity Researcher & Developer Just a Chill guy👌
ghost69 @decrypter1711
21 Followers 158 Following
Brother Alex @mis4nthr0pic
2K Followers 2K Following PGP: 24E0 B4CD 960B 5196 Buy BITCOIN. Self-custody is the ritual. Security lobbyist @Zokyo_io 𝔦 𝔩𝔦𝔨𝔢 𝔱𝔥𝔢 𝔞𝔯𝔱 @remiliacorp333. @cryptolarbrasil arc
Bytequester @bytequester
5 Followers 128 Following What I hear, I forget; What I see, I remember; What I do, I understand. -Confucius
EragonKashyap11 @EragonKashyap11
14 Followers 193 Following Eat, sleep, Geekout | OSWA|OSWE|CEH Master Bug bounty hunter | Assamese😎
C @aeturnum_358
20 Followers 1K Following
Gareth Heyes \u2028 @garethheyes
38K Followers 1K Following Web security researcher at PortSwigger. Author of JS for Hackers and Hackvertor. https://t.co/e0aNEbFb9D
lcamtuf @lcamtuf
40K Followers 500 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
JS0N Haddix @Jhaddix
177K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
@[email protected]... @SecurityMB
11K Followers 284 Following Improving the world’s security at Google. Opinions are mine.
James Kettle @albinowax
84K Followers 103 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Nicolas Grégoire @Agarri_FR
28K Followers 628 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
TrendAI Zero Day Init... @thezdi
89K Followers 18 Following TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
ϻг_ϻε @steventseeley
23K Followers 559 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
Ange @angealbertini
25K Followers 916 Following Reverse engineer, file formats expert. Corkami, CPS2Shock, PoC||GTFO, Sha1tered, Magika... Security engineer @ Google. He/him.
Soroush Dalili @irsdl
20K Followers 941 Following Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
Frans Rosén @fransrosen
44K Followers 909 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Gynvael Coldwind @gynvael
39K Followers 1K Following security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him
Eduardo Vela @sirdarckcat
13K Followers 614 Following not mad. mentally divergent. personal profile, opinions my own. everything I say is probably wrong. @Google
Andrzej Dragan @andrzejdragan
85K Followers 105 Following Quantum physics professor @UniWarszawski + @NuSingapore — Wired’s cover: https://t.co/hkHXnRJeGH Człowiek rekonesansu…
RyotaK @ryotkak
11K Followers 651 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Frédéric Serval @fredserval
3K Followers 1K Following Je fabrique des jeux. #ウォーゲーム progresszió/neomarxizmus
SPIEL@Essen - #SPIEL2... @SPIEL_Messe
12K Followers 292 Following World's largest fair for board and card games #SPIEL24 Impressum: https://t.co/882wSvVe44 Datenschutz: https://t.co/rf7PYTPQMo
Abhishek Arya @infernosec
5K Followers 194 Following Principal Engineer, AI Security at Google. Opinions are my own.
Fall of Civilizations @Fall_of_Civ_Pod
58K Followers 1K Following A history podcast and YouTube video series by @PaulMMCooper looking at what happens when societies collapse. Now mostly on Bluesky: https://t.co/WVWGIBoTh1
Switzerland English @SWI_english
2K Followers 0 Following Finally! English news for people living in Switzerland. Monthly subscriptions and donations are appreciated. https://t.co/4q7J3DZwF6 by @kamber_marco
max seddon @maxseddon
352K Followers 5K Following moscow bureau chief @FT. in soviet russia, news reports you: [email protected]
Christo Grozev @christogrozev
547K Followers 1K Following Investigative journalist (Spiegel, The Insider, ex-Bellingcat). Hobby coder, hobby movie-maker. Blocks for #whatabout https://t.co/3kUwYLHXoL
Board Game Barrage @brdgamebarrage
3K Followers 809 Following Podcast about board games, the latest hotness, and how to have fun with your friends even when you're losing. (@christinaKnuev, @lakerk, @neilan, @markbesada)
This Game is Broken @TGiBpodcast
3K Followers 517 Following A Board Game Comedy Panel Show/Youtube with @matthew_jude_ @thehappyluza @paulademing and @Brothersmurph ⬇️ Find us here ⬇️
So Very Wrong About G... @sowronggames
2K Followers 143 Following A board gaming podcast about board games. Hosted by Michael Walker and Mark Bigney. Golden Geek Award-ineligible. New releases every Tuesday morning!
Helen Czerski @helenczerski
43K Followers 535 Following Physics, bubbles, oceans, hot chocolate and curiosity. Author of Storm in a Teacup & Blue Machine https://t.co/b6RFwt8UEj @helenczerski.bsky.social
Jasvir Nagra ✨ @jasvir
1K Followers 713 Following Advisor & builder. Formerly security @dropbox, product @instart & @google, authored Surreptitious Software, TL for Caja. I love good food, fine wine & great JS.
Christian Blichmann �... @AdmVonSchneider
2K Followers 597 Following Everything is always broken. Googler by day. #BinDiff maintainer. My tweets, my opinion. During my lifetime, CO2 increased by 67.84ppm (so far).
Wojciech Reguła @_r3ggi
6K Followers 858 Following iOS/macOS app security researcher & blogger. 🍎 Black Hat / DEF CON / TyphoonCon speaker. Head of mobile appsec @SecuRingPL
kramania @annkamsk
33 Followers 119 Following software engineer at @TweetQED; MIMUW survivor; grad student at LMIB @ KU Leuven; #actuallyautistic
wtm @wtm_offensi
3K Followers 1K Following Security researcher, bug bounty hunter, owner at Offensi. My opinions are those of my employer.
Niru Ragupathy / itsc... @itsC0rg1
1K Followers 458 Following Foodie, anime fan, security engineer and gamer. My views are my own, do not reflect those of my past, present or future employers.
Marta Rożek @rozek_marta
51 Followers 25 Following
Stefan Friedli @stfn42
6K Followers 658 Following Running the Red Team at @Google, PTES author, Area41 organizer. Opinions are my own. Tweets auto-expire. (He/Him)
PLinSwitzerland @PLinSwitzerland
4K Followers 530 Following Ambasada RP w Bernie 🇵🇱 Botschaft vo Pole z Bärn 🇨🇭 Ambassade de Pologne à Berne 🇱🇮 Ambasciata di Polonia a Berna 💯 L'ambassada da la Pologna a Berna
sMyle (🦋 @myles.de... @MylesBorins
16K Followers 2K Following He / Him | Product ❄️ | prev GitHub Product, Google Cloud Dev Rel, IBM Open Source Eng | Opinions are potentially wrong, but definitely my own
Sal ꙮ @salchoman
682 Followers 974 Following Senior Staff Entomology & Archeology at Google's Agent Security team. Previously BurpSuite Crawler & Scanner team. Personal friend of Carlos Montoya. 🧀
terjanq @terjanq
11K Followers 271 Following security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine.
English Coronavirus u... @CoronaEnglish
9K Followers 177 Following Curated and translated by @kamber_marco Please buy me a coffee! All donations are very much appreciated. ❤️ https://t.co/F3xrnqzTCt
Sebastian Neuner @sebastian9er
544 Followers 649 Following Security Engineer @Google. Loves CTFs. Opinions are my own. Mastodon: @[email protected]
Jen Bourey 👩�... @jbourey
330 Followers 367 Following Techie queer mom. Senior Staff Software Engineer @ Google, making code more secure. She/her. Views are mine. Mastodon: @[email protected]
Lukas Weichselbaum @we1x
2K Followers 505 Following Leading @Google's web security team. Opinions are my own. Bluesky: @webappsec.dev
John Leyden @jleyden
6K Followers 464 Following IT security journalist, sports fan and travel enthusiast. Proud Mancunian. Tips? Signal: +44 7542 483 345 | 🐘 https://t.co/WLAY3P5Fzz
Artur Janc @arturjanc
2K Followers 347 Following Making the web platform more secure and private, and managing part of @Google's Information Security Engineering team in my spare time.
Cassidy @cassidoo
180K Followers 695 Following Making memes, dreams, & software! Sr. Director of Dev Advocacy at @github. Married to @ijoosong, mom of 2 nerdy babies. She/Her ✝️ Subscribe to my newsletter!
Intent To Ship @intenttoship
11K Followers 0 Following I tweet when browser makers announce an intent to ship, change or remove features in their web engines! 🦋 / 🦕 @ https://t.co/dnQVpTLLG4
Matias Sequeira @matiasasequeira
161 Followers 352 Following Web3 security @coinspect. Fulbrighter @ Northeastern University. Entrerriano 🇦🇷🧉
Francisco Müller Ama... @famato
11K Followers 9K Following Co-Founder @faradaysec & @ekoparty security conference. #Evilgrade https://t.co/RaqeRoSaRm $home 🌍🇦🇷 Merlo Valley
Tom Van Goethem @tomvangoethem
2K Followers 447 Following Software Engineer at @Google (Chrome Privacy), researcher at @DistriNet, web security fanatic, side-channel junkie
Jeff Hodges / @equals... @equalsJeffH
465 Followers 166 Following Vocation: Fatherhood and other endurance sports. Past vocation: Web (in)Security, Protocol Design, Online Identity. Discord: equalsjeffh
Emanuel Tesar @EmanuelTesar
26 Followers 113 Following
Damien Engels @EngelsDamien
85 Followers 400 Following
Anushree @imAnushree
2K Followers 2K Following Frontend Developer | 🧠 AuDHD | #BetterThanYesterday 📈 | Plant powered🥬 | Healthy Living🧘♀️🏃♀️
JSNation | The key JS... @thejsnation
18K Followers 3K Following The latest trends in Web development. 🌷Amsterdam, June 11 & 15, https://t.co/AvK1eLo40t 🗽New York, Nov 16 & 19, https://t.co/4qbl2x3BsB
Minko Gechev @mgechev
58K Followers 221 Following Generative UI and AI developer productivity at Google. Martial arts and metal music. Opinions are my own 🇧🇬🇺🇸






























