Kévin GERVOT (Mizu)
@kevin_mizu
Researcher for @ctbbpodcast lab 🐛 | DOMLogger++ developer 👨🏻💻 | CTF with @FlatNetworkOrg, @rhackgondins 🦦 | @ECSC_TeamFrance 2023 🇫🇷
I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3

Just pushed a new update to Drop (Caido's Collaboration Plugin). We now have: * Key Import/Export (so you can re-use across machines/installs) * Drop dropdown in HTTP History * Drops are automatically sorted into a "Drops" Replay collection
GMSGadget (Give Me a Script Gadget) is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify. gmsgadget.com A useful tool by @kevin_mizu
New Hackyx Version 🚀🚀 hackyx.io - AI Search Mode - New dashboard to manage content - Automatically fetch new write-ups, bug reports and articles - RSS feed crawler - A queue system to handle jobs - Content with embeddings for better search - Filtered content to…
For this year Google CTF I created yet another Postviewer challenge called Postviewer v5². The challenge featured a seemingly impossible race-condition. Client-side race-conditions are an under-researched problem and could yield amazing real world bugs! gist.github.com/terjanq/e66c28…
A collection of Firefox-specific XSS vectors bugzilla.mozilla.org/show_bug.cgi?i…
Most people struggle with bug bounty recon scaling because nobody talks about the real challenges. We're sharing 5 years of hard-learned lessons on building systems that work. medium.com/@profundis.io/…
I’ve just published slides on Shadow DOM & security! Belatedly, I've released my #shibuyaxss slides! They're about Shadow DOM and security~ speakerdeck.com/masatokinugawa… (Japanese) speakerdeck.com/masatokinugawa… (English)
I hope everyone got some rest after @DownUnderCTF this weekend. My colleague @hash_kitten wrote up a blog post on a novel technique for SQL Injection in PDO's prepared statements, required to exploit the “legendary” challenge, which only got one solve: slcyber.io/assetnote-secu…
I made a hard one 😅 But, it involves some very interesting Mutation XSS & DOM Clobbering fun combined with a CSP Bypass using the powerful SocketIO gadget. Everything's explained in my writeup below! jorianwoltjer.com/blog/p/ctf/int…
⏰ It's CHALLENGE O'CLOCK! 👉 Pop an alert before Friday the 18th of July 👉 Win €400 in SWAG prizes 👉 We'll release a tip for every 100 likes on this tweet Thanks @J0R1AN for the challenge 👇 challenge-0725.intigriti.io
It's easy to bash vulnerabilities with logos but... I couldn't resist, say hello to http1mustdie.com :)
New blog post is up: How I leaked the IP addresses of Brave's Tor window and Chrome VPN extension users, plus a new Popunder technique and connect-src CSP directive bypass. Read more @ 0x999.net/blog/leaking-i…
Introducing Haicker: your AI penetration tester Continuous, automated vulnerability scanning for your web codebases. Cheaper, faster, and more efficient than traditional pentesters. Book a demo now, link in the comments.
🔐 Data encryption in Laravel environments is based on one secret: the APP_KEY. Our ninja @_remsio_ studied the impact of its leakage on the internet during an entire year. synacktiv.com/en/publication…
The part about the 0day I used on the TrackDb web challenge for the FCSC2025 has just been disclosed in the writeup, you can read it here: worty.fr/post/writeups/… Please note that this vulnerability is not patched (see the end of the writeup for explanations).
During last week, I've played FCSC2025 and managed to reach first place in the web category! I've written two writeups this year: one about pwning a Chrome extension, and another about a PostgREST service. worty.fr/post/writeups/… worty.fr/post/writeups/… Enjoy the read!
Opening a new chapter 📖 From tinkering with old systems to giving talks at @BlackHatEvents, it’s been a wild ride. I am thrilled to share that I’m joining @SpecterOps as a Senior Security Researcher! Time to go full-time into deep technical security research🥰
new discovery: cache poisoning on next.js - CVE-2025-49826 indefinite caching of a 204 response, rendering the affected pages inaccessible affected versions: >15.0.4 and <15.2.0 there will be no research paper for this one
back to work with @zhero___ and a new vulnerability on @nextjs that led to CVE-2025-49826 both routers are impacted: app router: framework's cache is directly impacted on ISR pages, regardless of the presence of a CDN pages router: SSR pages only + requires a misconfigured CDN