Tom Anthony
tomanthony.bsky.social
Web dev since 1998. Bug bounty & security enthusiast. PhD in AI. CTO at SearchPilot - data driven SEO.

https://www.tomanthony.co.uk
Reposted by Tom Anthony
For those who missed it, check out my talk, “Widgets Gone Wild: Exploiting XSS through Flawed postMessage Origin Checks.”

📺 Watch here: www.youtube.com/watch?v=qgB0...
🖥️ Follow along with the slides: 0-a.nl/nahamcon/
Widgets Gone Wild: Exploiting XSS Through Flawed postMessage Origin Checks
YouTube video by renniepak
May 24, 2025 at 7:33 PM
Reposted by Tom Anthony
The slides and examples for my talk "Widgets Gone Wild: Exploiting XSS Through Flawed postMessage Origin Checks" at NahamCon can be found here: 0-a.nl/nahamcon/
May 24, 2025 at 9:23 AM
Reposted by Tom Anthony
Here is the official writeup of my XSS challenge on Intigriti. I think it contains some fun browser trivia even for those who did not look at the chall

joaxcar.com/blog/2025/05...
Confetti: Solution to my Intigriti May 2025 XSS Challenge - Johan Carlsson
May 20, 2025 at 3:59 PM
I'm excited to be speaking at #NahamCon2025 on May 23rd!

I'm going to be talking about a bug class that I believe is very undervalued, and will outline a methodology for how to find and exploit it in the wild.

May the bounties rain down upon you!

Details here: www.nahamcon.com
May 19, 2025 at 1:31 PM
Reposted by Tom Anthony
In case you missed it...the DEF CON video of my talk 'Splitting the Email Atom' is finally here! 🚀 Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Don’t miss it:

youtu.be/JERBqoTllaE?...
DEF CON 32 - Splitting the email atom exploiting parsers to bypass access controls - Gareth Heyes
YouTube video by DEFCONConference
November 22, 2024 at 7:27 AM