Speaker

• morioka12 (⁠⁠⁠⁠@scgajge12⁠⁠⁠⁠)


• mokusou (⁠⁠⁠⁠@Mokusou4⁠⁠⁠⁠)


• RyotaK (⁠⁠⁠⁠@ryotkak⁠⁠⁠⁠)

Summary (link)

• [大テーマ] 最近の取り組み




• Mutation XSS (MXSS)




• https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/




• DOMPurify 2.5.3




• https://github.com/cure53/DOMPurify/releases/tag/2.5.3




• WAF Bypass




• https://x.com/hackerscrolls/status/1273254212546281473


• https://gist.github.com/hackerscrolls/5c0990dfc734eeb4a9ce8cf2ccdf6fba






• NahamCon 2024




• https://www.nahamcon.com/schedule


• https://scgajge12.hatenablog.com/entry/nahamcon_2024




• [中テーマ] Black Hat USA 2024




• "Listen to the Whispers: Web Timing Attacks that Actually Work"




• https://www.blackhat.com/us-24/briefings/schedule/index.html#listen-to-the-whispers-web-timing-attacks-that-actually-work-38297




• "Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!"




• https://www.blackhat.com/us-24/briefings/schedule/index.html#confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-40227




• "OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints Across the Globe"




• https://www.blackhat.com/us-24/briefings/schedule/index.html#ovpnx--zero-days-leading-to-rce-lpe-and-kce-via-byovd-affecting-millions-of-openvpn-endpoints-across-the-globe-38900






• V8 / Chrome




• https://x.com/ajxchapman/status/1794629740504178762


• https://blog.ajxchapman.com/




• input: Browser, Web3, LLM


• [Q&A] バグバウンティでVPNを使っていますか？OSSの場合は何のエディタを使っていますか？




• VSCode, IntelliJ IDEA




• Hacker News




• https://news.ycombinator.com/




• IntelliJ IDEA Community Edition




• https://sales.jetbrains.com/hc/ja/articles/360021922640-%E5%95%86%E7%94%A8%E3%82%BD%E3%83%95%E3%83%88%E3%82%A6%E3%82%A7%E3%82%A2%E3%82%92%E9%96%8B%E7%99%BA%E3%81%99%E3%82%8B%E3%81%9F%E3%82%81%E3%81%AB-Community-%E3%82%A8%E3%83%87%E3%82%A3%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE-JetBrains-IDE-%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B




• [Q&A] ターゲットのサービスで検証用に複数のアカウントを作りたい時は、何のメールを使っていますか？




• Hacker Email Alias




• https://docs.hackerone.com/en/articles/8404308-hacker-email-alias






• Temp Mail - Disposable Temporary Email




• https://addons.mozilla.org/ja/firefox/addon/temp-mail/




• XSS in PDF.js




• https://x.com/albinowax/status/1792568684713500935


• https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

Web Page

• ⁠⁠⁠⁠https://bugbountyjppodcast.notion.site/Bug-Bounty-JP-Podcast-8bf1080383a54c4a8848f10bfeb874b3?pvs=4⁠⁠⁠⁠

Survery

• ⁠⁠⁠⁠https://forms.gle/wkr2jkc3m9o8NhPk7⁠⁠⁠⁠

BBJP_Podcast で話して欲しいテーマや聞きたいことなどを Google Form で募集しています。

感想も X(Twitter)でハッシュタグ「#BBJP_Podcast」や Google Formでいただけると嬉しいです。