terjanq.me
security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine. From: https://twitter.com/terjanq
37 posts 2,265 followers 150 following

During #x3ctf, I discovered an unintended solution that turned out to be a pretty cool generic technique. It allows you to detect the result of a selector during CSS Injection, bypassing any CSP restricting external requests! Check out the writeup below: jorianwoltjer.com/blog/p/ctf/x...

Here is (finally) the writeup and conclusion of the challenge: joaxcar.com/blog/2024/12... Maybe not the best write-up, but I have to allow myself to actually post, rather than refactor, posts. I hope someone finds it useful. And thanks to everyone who participated. Special shoutout to @terjanq.me

settings ➡️ content & media ➡️ threads ➡️ experimental Helps a lot with longer threads!

Imagine opening a Discord message and suddenly your computer is hacked. We discovered a bug that made this possible and earned a $5,000 bounty for it. Here's the story and a beginner-friendly deep dive into V8 exploit development. watch: youtu.be/R3SE4VKj678?...

Got sniped into the challenge and ended up doing some cool XSS research :D 11 char XSS with mind-boggling race-conditions. TL;DR the final payload is location=x (10 chars) and the longest is top.Z.x=x.d (11 char) It's shorter than location=name !! terjanq.me/solutions/jo...

Extended the starter with shy writers! 😀 If you're not on the list but write about web security, then feel free to reply with the article you're most proud of, and I will add you to the pack! Make sure to resubscribe so you don't miss out on the amazing 🌐research! go.bsky.app/9JXnB17

I started a Web Security Writers starter pack. Had to add 7 accounts so settled on a couple of obvious names but the idea I have for the starter is different. Please share your BEST writeup / article in the reply and I will add you to the pack! Let's shake the platform a bit with amazing research! 🕸️

My latest blog post is live! nastystereo.com/security/cro... Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon

Great article about mXSS by @jorianwoltjer.com!

Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices are always opt-in and finally how YOU can get increased security controls.

Any bug bounty people around? I'm creating a starter pack of people to follow but it's pretty brief currently! Let me know if you'd like to be added: go.bsky.app/GD7hKPX

Handling Cookies is a Minefield: Inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out. grayduck.mn/2024/11/21/h...

Just crossed 10% of my twitter audience. 90% more to go! 🚀

Great article about multipart parsing. Reminds me of the bypasses I found in the modsec parser: medium.com/@terjanq/waf...

Happy to publish the effort of my last five years: Security Signals. research.google/pubs/securit...

I'm in the process of creating a *web security* starter pack and need your help finding more webbies here. Please share and recommend folks passionate about web security in comments below so we can get this community started here 🙂 go.bsky.app/Uf8dZhz

If you're into web security take a look at my LocoMocoSec keynote slides from this summer about "Google's Recipe for Scaling (Web) Security": speakerdeck.com/lweichselbau...

Bring back the bird!