Bug Bounty JP Podcast
morioka12
16 episodes
13 hours ago
Bug Bounty JP Podcast (BBJP_Podcast): a security chat podcast by members whose hobby is bug hunting on bug bounty programs and similar targets (hashtag: #BBJP_Podcast)
Technology
All content for Bug Bounty JP Podcast is the property of morioka12 and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
BBJP_Podcast #4
Bug Bounty JP Podcast
58 minutes 54 seconds
1 year ago

Speaker

  • morioka12 (@scgajge12)
  • mokusou (@Mokusou4)
  • RyotaK (@ryotkak)

Summary (link)

  • [Main topic] Recent work
    • Mutation XSS (MXSS)
      • https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
    • DOMPurify 2.5.3
      • https://github.com/cure53/DOMPurify/releases/tag/2.5.3
    • WAF Bypass
      • https://x.com/hackerscrolls/status/1273254212546281473
      • https://gist.github.com/hackerscrolls/5c0990dfc734eeb4a9ce8cf2ccdf6fba
  • NahamCon 2024
    • https://www.nahamcon.com/schedule
    • https://scgajge12.hatenablog.com/entry/nahamcon_2024
  • [Mid topic] Black Hat USA 2024
    • "Listen to the Whispers: Web Timing Attacks that Actually Work"
      • https://www.blackhat.com/us-24/briefings/schedule/index.html#listen-to-the-whispers-web-timing-attacks-that-actually-work-38297
    • "Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!"
      • https://www.blackhat.com/us-24/briefings/schedule/index.html#confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-40227
    • "OVPNX: 4 Zero-Days Leading to RCE, LPE and KCE (via BYOVD) Affecting Millions of OpenVPN Endpoints Across the Globe"
      • https://www.blackhat.com/us-24/briefings/schedule/index.html#ovpnx--zero-days-leading-to-rce-lpe-and-kce-via-byovd-affecting-millions-of-openvpn-endpoints-across-the-globe-38900
  • V8 / Chrome
    • https://x.com/ajxchapman/status/1794629740504178762
    • https://blog.ajxchapman.com/
  • input: Browser, Web3, LLM
  • [Q&A] Do you use a VPN for bug bounty? For OSS, what editor do you use?
    • VSCode, IntelliJ IDEA
  • Hacker News
    • https://news.ycombinator.com/
  • IntelliJ IDEA Community Edition
    • https://sales.jetbrains.com/hc/ja/articles/360021922640-%E5%95%86%E7%94%A8%E3%82%BD%E3%83%95%E3%83%88%E3%82%A6%E3%82%A7%E3%82%A2%E3%82%92%E9%96%8B%E7%99%BA%E3%81%99%E3%82%8B%E3%81%9F%E3%82%81%E3%81%AB-Community-%E3%82%A8%E3%83%87%E3%82%A3%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE-JetBrains-IDE-%E3%82%92%E4%BD%BF%E7%94%A8%E3%81%A7%E3%81%8D%E3%81%BE%E3%81%99%E3%81%8B
  • [Q&A] When you want to create multiple accounts for testing on a target service, what email do you use?
    • Hacker Email Alias
      • https://docs.hackerone.com/en/articles/8404308-hacker-email-alias
  • Temp Mail - Disposable Temporary Email
    • https://addons.mozilla.org/ja/firefox/addon/temp-mail/
  • XSS in PDF.js
    • https://x.com/albinowax/status/1792568684713500935
    • https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

Web Page

  • https://bugbountyjppodcast.notion.site/Bug-Bounty-JP-Podcast-8bf1080383a54c4a8848f10bfeb874b3?pvs=4

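Survey

  • https://forms.gle/wkr2jkc3m9o8NhPk7

We are collecting topics you would like us to discuss and questions you would like to ask on BBJP_Podcast via Google Form.

We would also be happy to receive your feedback on X (Twitter) with the hashtag "#BBJP_Podcast" or via the Google Form.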
