Bypassing Chrome's URL restrictions Mar 07, 2021 Context While studying Content Security Policy (CSP) features, I came across a nice bypass of the URL restrictions that Chrome implements to prevent leaks of HTML data. However, Chrome dropped the feature on which the bypass relies in version 89, released as stable a few days ago, so it is no longer possible to trigger. The idea of the Chrome developers was to prevent the exfiltration of HTML content after an injection vulnerability is triggered, by restricting which characters can be present in a URL. ...
Finding an infosec job in Italy Feb 14, 2021 Italy is not known for information security, and finding a job in this area, or any other really, in this country is not as easy as it seems. I have now been in Milan for a year and I would like to share what would have been useful for me before I arrived. The following is a mix of facts and opinions, so do not take it too literally and adapt it to your particular case. ...
MacOS forensic I Nov 22, 2020 Forensic, MacOS & Volatility I recently had to investigate a MacOS memory dump and raw disk. In this series of posts there are some commands, guidelines and tricks I could not find while doing it with Volatility on the memory dump. Next, I will probably dump someone’s Mac (as I do not possess one) to see if I can get my hands on a more recent version of the OS. ...